Samba < 3.4.0 Remote Code Execution Vulnerability
High Nessus Plugin ID 122058
Synopsis
The remote Samba server is affected by a remote code execution vulnerability.
Description
The version of Samba running on the remote host is prior to
3.4.0. It is, therefore, affected by a remote code execution
vulnerability in process.c due to a heap-based buffer overflow. An
unauthenticated, remote attacker can exploit this to bypass authentication
and execute arbitrary commands via a Batched / AndX request.
Note that Nessus has not tested for this issue but has instead relied
only on the application's self-reported version number.
Solution
Upgrade to Samba version 3.4.0 or later.