Amazon Linux AMI : samba (ALAS-2016-634)
Medium Nessus Plugin ID 87968
SynopsisThe remote Amazon Linux AMI host is missing a security update.
DescriptionA missing access control flaw was found in Samba. A remote, authenticated attacker could use this flaw to view the current snapshot on a Samba share, despite not having DIRECTORY_LIST access rights.
An access flaw was found in the way Samba verified symbolic links when creating new files on a Samba share. A remote attacker could exploit this flaw to gain access to files outside of Samba's share path.
A memory-read flaw was found in the way the libldb library processed LDB DN records with a null byte. An authenticated, remote attacker could use this flaw to read heap-memory pages from the server.
A man-in-the-middle vulnerability was found in the way 'connection signing' was implemented by Samba. A remote attacker could use this flaw to downgrade an existing Samba client connection and force the use of plain text.
SolutionRun 'yum update samba' to update your system.