[GLSA-200409-14] Samba: Remote printing vulnerability

Medium Nessus Plugin ID 14695


The remote host is missing the GLSA-200409-14 security update.


The remote host is affected by the vulnerability described in GLSA-200409-14 (Samba: Remote printing vulnerability)

Due to a bug in the printer_notify_info() function, authorized users could potentially crash the Samba server by sending improperly handled print change notification requests in an invalid order. Windows XP SP2 clients can trigger this behavior by sending a FindNextPrintChangeNotify() request before previously sending a FindFirstPrintChangeNotify() request.

A remote authorized user could potentially crash a Samba server after issuing these out of sequence requests.

There is no known workaround at this time.


All Samba users should upgrade to the latest version:
# emerge sync # emerge -pv ">=net-fs/samba-3.0.6" # emerge ">=net-fs/samba-3.0.6"

See Also




Plugin Details

Severity: Medium

ID: 14695

File Name: gentoo_GLSA-200409-14.nasl

Version: $Revision: 1.6 $

Published: 2004/09/09

Modified: 2011/05/28

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 5

Temporal Score: 4.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Temporal Vector: CVSS2#E:H/RL:OF/RC:C

Vulnerability Information

Required KB Items: Host/Gentoo/qpkg-list

Exploit Available: true

Exploit Ease: No exploit is required

Reference Information

CVE: CVE-2004-0829

BID: 11055

GLSA: 200409-14