This script is Copyright (C) 2013 Tenable Network Security, Inc.
The remote Mandriva Linux host is missing one or more security
Multiple vulnerabilities has been discovered and corrected in samba :
The winbind_name_list_to_sid_string_list function in
nsswitch/pam_winbind.c in Samba through 4.1.2 handles invalid
require_membership_of group names by accepting authentication by any
user, which allows remote authenticated users to bypass intended
access restrictions in opportunistic circumstances by leveraging an
administrator's pam_winbind configuration-file mistake
Buffer overflow in the dcerpc_read_ncacn_packet_done function in
librpc/rpc/dcerpc_util.c in winbindd in Samba 3.x before 3.6.22, 4.0.x
before 4.0.13, and 4.1.x before 4.1.3 allows remote AD domain
controllers to execute arbitrary code via an invalid fragment length
in a DCE-RPC packet (CVE-2013-4408).
The updated packages has been upgraded to the 3.6.22 version which
resolves various upstream bugs and is not vulnerable to these issues.
See also :
Update the affected packages.
Risk factor :
High / CVSS Base Score : 8.3
CVSS Temporal Score : 7.2
Public Exploit Available : false