Samba < 3.6.22 / 4.0.13 / 4.1.3 Multiple Vulnerabilities

High

Synopsis

The remote Samba server is affected by multiple vulnerabilities.

Description

According to its banner, the version of Samba running on this system (i.e., earlier than 3.6.22 / 4.0.13 / 4.1.3) contain the following known vulnerabilities:

- A security bypass vulnerability via the 'winbind_name_list_to_sid_string_list()' that would allow a malicious authenticated user to modify the 'pam_winbind' configuration file. (CVE-2012-6150)

- A buffer overflow vulnerability in the 'dcerpc_read_ncacn_packet_done()' function that can allow remote AD domain controllers to execute arbitrary code (CVE-2013-4408)

- ACLs were not checked when opening files with alternate data streams, though this issue is only exploitable if the VFS modules vfs_streams_depot and/or vfs_streams_xattr are used. (CVE-2013-4475)

Solution

Install the patch referenced in the project's advisory, or upgrade to 3.6.22 / 4.0.13 / 4.1.3 or later.