Samba < 3.0.27 Multiple Vulnerabilities

This script is Copyright (C) 2007-2016 Tenable Network Security, Inc.

Synopsis :

The remote Samba server may be affected one or more vulnerabilities.

Description :

According to its banner, the version of the Samba server on the remote
host contains a boundary error in the 'reply_netbios_packet()'
function in 'nmbd/nmbd_packets.c' when sending NetBIOS replies.
Provided the server is configured to run as a WINS server, a remote
attacker can exploit this issue by sending multiple specially crafted
WINS 'Name Registration' requests followed by a WINS 'Name Query'
request, leading to a stack-based buffer overflow. This could also
allow for the execution of arbitrary code.

There is also a stack buffer overflow in nmbd's logon request
processing code that can be triggered by means of specially crafted
GETDC mailslot requests when the affected server is configured as a
Primary or Backup Domain Controller. Note that the Samba security team
currently does not believe this particular issue can be exploited to
execute arbitrary code remotely.

See also :

Solution :

Upgrade to Samba version 3.0.27 or later.

Risk factor :

High / CVSS Base Score : 9.3
CVSS Temporal Score : 8.1
Public Exploit Available : false

Family: Misc.

Nessus Plugin ID: 28228 ()

Bugtraq ID: 26454

CVE ID: CVE-2007-4572

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now