Samba 3.x < 3.5.22 / 3.6.x < 3.6.17 / 4.0.x < 4.0.8 read_nttrans_ea_list DoS

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.


Synopsis :

The remote Samba server is affected by a denial of service
vulnerability.

Description :

According to its banner, the version of Samba running on the remote
host is 3.x prior to 3.5.22, 3.6.x prior to 3.6.17 or 4.0.x prior to
4.0.8. It is, therefore, potentially affected by a denial of service
vulnerability.

An integer overflow error exists in the function 'read_nttrans_ea_list'
in the file 'nttrans.c' that could allow denial of service attacks to be
carried out via specially crafted network traffic.

Note that if 'guest' connections are allowed, this issue can be exploited
by a remote, unauthenticated attacker.

Further note that Nessus has relied only on the self-reported version
number and has not actually tried to exploit this issue or determine if
the associated patch has been applied.
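
The banner-only check described above can be reproduced against an inventory of collected Samba version strings. This is an added example, not the plugin's own code; the function names and the sample banners are constructed for illustration, and the fixed versions are the ones named in this advisory.

```python
import re

# First fixed release per branch, as stated in the advisory text.
FIXED_3_5 = (3, 5, 22)   # applies to every 3.x up to and including the 3.5 branch
FIXED_3_6 = (3, 6, 17)
FIXED_4_0 = (4, 0, 8)

def parse_samba_version(banner):
    """Return (major, minor, patch) from a banner like 'Samba 3.6.3-Debian', else None."""
    m = re.search(r"Samba\s+(\d+)\.(\d+)\.(\d+)", banner, re.IGNORECASE)
    return tuple(int(part) for part in m.groups()) if m else None

def classify(banner):
    """Classify a self-reported banner as 'affected', 'not flagged' or 'unknown'.

    Like the check described above, this trusts the reported version only:
    a build carrying the patch under an older version number is still
    reported as 'affected' and needs manual confirmation.
    """
    version = parse_samba_version(banner)
    if version is None:
        return "unknown"
    major, minor, _ = version
    if major == 3 and minor <= 5:
        affected = version < FIXED_3_5
    elif major == 3 and minor == 6:
        affected = version < FIXED_3_6
    elif major == 4 and minor == 0:
        affected = version < FIXED_4_0
    else:
        affected = False  # outside the ranges this advisory names
    return "affected" if affected else "not flagged"

if __name__ == "__main__":
    # Constructed sample banners, not taken from any real host.
    samples = [
        "Samba 3.0.37-1.el5",
        "Samba 3.5.22",
        "Samba 3.6.3-Debian",
        "Samba 4.0.7-Ubuntu",
        "Samba 4.0.10",      # integer comparison: 10 > 8, so this is fixed
        "Windows 6.1",
    ]
    for banner in samples:
        print(f"{banner:<22} {classify(banner)}")
```

Versions are compared as integer tuples, so 4.0.10 is correctly treated as later than 4.0.8, which a plain string comparison would get wrong.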

See also :

http://www.samba.org/samba/security/CVE-2013-4124
http://www.samba.org/samba/history/samba-3.5.22.html
http://www.samba.org/samba/history/samba-3.6.17.html
http://www.samba.org/samba/history/samba-4.0.8.html
http://www.nessus.org/u?402dfe4d

Solution :

Either install the patch referenced in the project's advisory, or
upgrade to version 3.5.22 / 3.6.17 / 4.0.8 or later.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 3.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 69276

Bugtraq ID: 61597

CVE ID: CVE-2013-4124