Amazon Linux AMI : samba (ALAS-2017-933)
High Nessus Plugin ID 105418
Synopsis
The remote Amazon Linux AMI host is missing a security update.
Description
Use-after-free in processing SMB1 requests
A use-after-free flaw was found in the way samba servers handled certain SMB1 requests. An unauthenticated attacker could send specially crafted SMB1 requests to cause the server to crash or execute arbitrary code. (CVE-2017-14746)
Server heap-memory disclosure
A memory disclosure flaw was found in samba. An attacker could retrieve parts of server memory, which could contain potentially sensitive data, by sending specially crafted requests to the samba server. (CVE-2017-15275)
Solution
Run 'yum update samba' to update your system.