This script is Copyright (C) 2004-2013 Tenable Network Security, Inc.
The remote Mandrake Linux host is missing one or more security
A vulnerability in samba versions 2.2.2 through 2.2.6 was discovered
by the Debian samba maintainers. A bug in the length checking for
encrypted password change requests from clients could be exploited
using a buffer overrun attack on the smbd stack. This attack would
have to be crafted in such a way that converting a DOS codepage string to
little-endian UCS2 Unicode would translate into an executable block of
This vulnerability has been fixed in samba version 2.2.7, and the
updated packages have had a patch applied to fix the problem.
See also :
Update the affected packages.
Risk factor :
Critical / CVSS Base Score : 10.0
Public Exploit Available : true