Samba 3.6.6 < 3.6.25 Memory Disclosure
Low Nessus Network Monitor Plugin ID 8752
SynopsisThe remote version of Samba is outdated and affected by a memory disclosure vulnerability.
DescriptionAn error exists related to GET_SHADOW_COPY_DATA() and FSCTL_SRV_ENUMERATE_SNAPSHOTS() request handling in which the SRV_SNAPSHOT_ARRAY response field is not properly initialized. Therefore, configurations with 'shadow_copy' or 'shadow-copy2' specified for the 'vfs objects' parameter can allow the disclosure of uninitialized memory contents.
SolutionUpgrade to 3.6.25 or later.