The remote Samba server is affected by a permissions vulnerability.
According to its banner, the version of Samba running on the remote
host is 4.x prior to 4.0.4 and is, therefore, potentially affected by a
file permissions vulnerability.
Files on Active Directory Domain Controllers(AD DC) may be created with
world-writeable permissions when additional CIFS file shares are created
on the AD DC.
Note that this issue does not affect the AD DC by default and thus, does
not affect files in the 'sysvol' and 'netlogon' shares. Further,
installs configured as standalone server, domain member, file server,
classic domain controller and installs built with '--without-ad-dc' are
not affected. However, it does affect files on shares with simple Unix
Further note that Nessus has relied only on the self-reported version
number and has not actually tried to exploit this issue, or determine if
the associated patch has been applied.
See also :
Either install the patch referenced in the project's advisory, or
upgrade to 4.0.4 or later.
Risk factor :
Low / CVSS Base Score : 3.5
CVSS Temporal Score : 2.9
Public Exploit Available : true