Samba 3.4.x < 3.6.23 / 4.0.x < 4.0.16 / 4.1.x < 4.1.6 Multiple Vulnerabilities

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote Samba server is affected by multiple vulnerabilities.

Description :

According to its banner, the version of Samba running on the remote
host is 3.4.x or later but prior to 3.6.23 or 4.0.x or later but prior
to 4.0.16 or 4.1.6. It is, therefore, potentially affected by multiple
vulnerabilities :

- A flaw exists in the Security Account Manager Remote
protocol implementation where it fails to validate the
user lockout state, affecting Samba versions 3.4.x and
later. This could allow a remote attacker to attempt a
brute-force attack to determine a user's password
without being locked out. (CVE-2013-4496)

- A flaw exists in the 'owner_set' function of the
smbcacls command when changing the owner or group owner
of the object using '-C' / '--chown' or '-G' / '--chgrp'
flags, causing the existing ACL to be removed. This
affects Samba versions 4.0.x and later and could allow
an attacker unrestricted access to the modified object.
(CVE-2013-6442)

Note that Nessus has relied only on the self-reported version number and
has not actually tried to exploit these issues or determine if the
associated patches have been applied.

See also :

https://www.samba.org/samba/security/CVE-2013-4496
https://www.samba.org/samba/security/CVE-2013-6442
http://www.samba.org/samba/history/samba-3.6.23.html
http://www.samba.org/samba/history/samba-4.0.16.html
http://www.samba.org/samba/history/samba-4.1.6.html
https://www.samba.org/samba/history/
https://www.samba.org/samba/history/security.html

Solution :

Upgrade to version 3.6.23 / 4.0.16 / 4.1.6 or later or refer to the
vendor for patches or workarounds.

Risk factor :

Medium / CVSS Base Score : 5.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N)
CVSS Temporal Score : 5.0
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 73080 ()

Bugtraq ID: 66232
66336

CVE ID: CVE-2013-4496
CVE-2013-6442