FreeBSD : samba -- integer overflow vulnerability (3b3676be-52e1-11d9-a9e7-0001020eed82)

This script is Copyright (C) 2005-2015 Tenable Network Security, Inc.

Synopsis :

The remote FreeBSD host is missing one or more security-related

Description :

Greg MacManus, iDEFENSE Labs reports :

Remote exploitation of an integer overflow vulnerability in the smbd
daemon included in Samba 2.0.x, Samba 2.2.x, and Samba 3.0.x prior to
and including 3.0.9 could allow an attacker to cause controllable heap
corruption, leading to execution of arbitrary commands with root

Successful remote exploitation allows an attacker to gain root
privileges on a vulnerable system. In order to exploit this
vulnerability an attacker must possess credentials that allow access
to a share on the Samba server. Unsuccessful exploitation attempts
will cause the process serving the request to crash with signal 11,
and may leave evidence of an attack in logs.

See also :

Solution :

Update the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 18904 (freebsd_pkg_3b3676be52e111d9a9e70001020eed82.nasl)

Bugtraq ID:

CVE ID: CVE-2004-1154
