FreeBSD : samba -- multiple vulnerabilities (ef434839-a6a4-11e5-8275-000c292e4fd8)

This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.

Synopsis :

The remote FreeBSD host is missing one or more security-related

Description :

Samba team reports :

[CVE-2015-3223] Malicious request can cause Samba LDAP server to hang,
spinning using CPU.

[CVE-2015-5330] Malicious request can cause Samba LDAP server to
return uninitialized memory that should not be part of the reply.

[CVE-2015-5296] Requesting encryption should also request signing when
setting up the connection to protect against man-in-the-middle

[CVE-2015-5299] A missing access control check in the VFS shadow_copy2
module could allow unauthorized users to access snapshots.

[CVE-2015-7540] Malicious request can cause Samba LDAP server to
crash.

[CVE-2015-8467] Samba can expose Windows DCs to MS15-096 Denial of
service via the creation of multiple machine accounts (the Microsoft
issue is CVE-2015-2535).

[CVE-2015-5252] Insufficient symlink verification could allow data
access outside share path.

See also :

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 6.0

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 87514

Bugtraq ID:

CVE ID: CVE-2015-3223
