This script is Copyright (C) 2014-2016 Tenable Network Security, Inc.
The remote Samba server is affected by multiple denial of service
According to its banner, the version of Samba on the remote
host is 3.6.x prior to 3.6.24, 4.0.x prior to 4.0.19, or 4.1.x prior
to 4.1.9. It is, therefore, affected by the following vulnerabilities:

  - A denial of service flaw exists with 'nmbd'. A remote
    attacker, with a specially crafted packet, could
    cause the CPU to loop the same code segment, preventing
    further NetBIOS name services. (CVE-2014-0244)

  - A denial of service flaw exists with 'smbd' when an
    authenticated client makes a non-unicode request for a
    valid unicode path. An invalid return code from the
    conversion of bad unicode to Windows character set can
    cause memory at an offset from the expected return
    buffer to be overwritten. This could allow a remote
    authenticated attacker to cause a denial of service.

Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.
Install the patch referenced in the project's advisory or upgrade to
3.6.24 / 4.0.19 / 4.1.9 or later.
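
The banner-only version check described above can be reproduced during triage. The following is an added example, not Nessus plugin code; the function name, the status labels and the sample banners are assumptions made for illustration. It treats a vendor suffix on an old version as "verify-package", because distribution builds can carry backported fixes without changing the upstream version number.

```python
import re

# First fixed release for each affected branch, as listed in the advisory text.
FIXED_PATCH = {(3, 6): 24, (4, 0): 19, (4, 1): 9}

# Upstream x.y.z version; trailing non-space text (e.g. "-Ubuntu") is kept
# as a vendor suffix.
VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)(?![\d.])(\S*)")


def classify(banner):
    """Return (status, detail) for a self-reported Samba version string."""
    match = VERSION_RE.search(banner)
    if match is None:
        return ("unknown", "no x.y.z version found")
    major, minor, patch = (int(part) for part in match.group(1, 2, 3))
    suffix = match.group(4)
    version = f"{major}.{minor}.{patch}"
    fixed = FIXED_PATCH.get((major, minor))
    if fixed is None:
        return ("not-listed", f"{major}.{minor}.x is not a branch the advisory names")
    if patch >= fixed:
        return ("fixed", f"{version} >= {major}.{minor}.{fixed}")
    if suffix:
        # Caveat: vendor builds may carry backported fixes under an older
        # upstream version, so the banner alone cannot settle it.
        return ("verify-package",
                f"{version}{suffix} < {major}.{minor}.{fixed}; check vendor changelog")
    return ("affected", f"{version} < {major}.{minor}.{fixed}")


if __name__ == "__main__":
    # Constructed sample banners, not captured from real hosts.
    for sample in ("Samba 3.6.23", "Version 4.1.6-Ubuntu", "Samba 4.0.19",
                   "Samba 4.2.0", "Windows 6.1"):
        print(f"{sample!r:28} -> {classify(sample)}")
```
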
Risk factor :
Medium / CVSS Base Score : 6.0
CVSS Temporal Score : 5.2
Public Exploit Available : false