This script is Copyright (C) 2007-2015 Tenable Network Security, Inc.
The remote Mandrake Linux host is missing one or more security
The Samba developers discovered that nmbd could be made to overrun a
buffer during the processing of GETDC logon server requests. If Samba
is configured as a Primary or Backup Domain Controller, this could be
used by a remote attacker to send malicious logon requests and
possibly cause a denial of service (CVE-2007-4572).
As well, Alin Rad Pop of Secunia Research found that nmbd did not
properly check the length of NetBIOS packets. If Samba is configured
as a WINS server, this could be used by a remote attacker able to send
multiple crafted requests to nmbd, resulting in the execution of
arbitrary code with root privileges (CVE-2007-5398).
This update corrects all known regressions introduced in previous Samba
updates by the security fixes for CVE-2007-4572.
Update the affected packages.
Risk factor : High / CVSS Base Score : 9.3
CVSS Temporal Score : 8.1
Public Exploit Available : false