How to Buy
This script is Copyright (C) 2013-2016 Tenable Network Security, Inc.
The remote Samba server is affected by multiple vulnerabilities.
According to its banner, the version of Samba running on the remote
host is 3.3.x equal or later than 3.3.10, 3.4.x, 3.5.x, 3.6.x prior to
3.6.22, 4.0.x prior to 4.0.13 or 4.1.x prior to 4.1.3. It is,
therefore, potentially affected by multiple vulnerabilities :
- A security bypass vulnerability exists in the
'winbind_name_list_to_sid_string_list()' function of the
'nsswitch/pam_winbind.c' source file. Exploitation could
allow a malicious, authenticated user access to the
'pam_winbind' configuration file. (CVE-2012-6150)
- A buffer overflow exists in the
'dcerpc_read_ncacn_packet_done' function of the
'librpc/rpc/dcerpc_util.c' source file that could allow
remote AD domain controllers to execute arbitrary code
on the remote host via DCE-RPC packet with an invalid
fragment length. (CVE-2013-4408)
Note that Nessus has relied only on the self-reported version number and
has not actually tried to exploit this issue or determine if the
associated patch has been applied.
See also :
Upgrade to version 3.6.22 / 4.0.13 / 4.1.3 or later or refer to the
vendor for a patch or workaround.
Risk factor :
High / CVSS Base Score : 7.6
CVSS Temporal Score : 5.6
Public Exploit Available : false
Nessus Plugin ID: 71377 ()
Bugtraq ID: 6410164191
CVE ID: CVE-2012-6150CVE-2013-4408
Get Nessus Professional to scan unlimited IPs, run compliance checks & more
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.