Samba < 3.6.23 / 4.0.16 / 4.1.6 Multiple Vulnerabilities

Medium

Synopsis

The remote version of Samba is outdated and thus affected by multiple vulnerabilities.

Description

Versions of Samba older than 3.6.23 / 4.0.16 / 4.1.6 are unpatched for the following vulnerabilities:

- An information disclosure due to an error in the Security Account Manager Remote (SAMR) implementation, which fails to properly validate the lockout state for user accounts after a certain number of bad password attempts. (CVE-2013-4496)

- An error in the 'smbcacls' command causes the removal of access control lists (ACLs) when used with a '--chown' or '--chgrp' option, which could be leveraged by a remote attacker after an unintended administrative change to bypass intended restrictions. (CVE-2013-6442)

Solution

Install the patch referenced in the project's advisory, or upgrade to 3.6.23 / 4.0.16 / 4.1.6 or later.