
Samba < 3.0.27 Multiple Vulnerabilities



The remote Samba server may be affected by one or more vulnerabilities.


According to its banner, the version of the Samba server on the remote host contains a boundary error in the 'reply_netbios_packet()' function in 'nmbd/nmbd_packets.c' when sending NetBIOS replies. Provided the server is configured to run as a WINS server, a remote attacker can exploit this issue by sending multiple specially-crafted WINS 'Name Registration' requests followed by a WINS 'Name Query' request, leading to a stack-based buffer overflow that allows execution of arbitrary code.

There is also a stack buffer overflow in nmbd's logon request processing code that can be triggered by means of specially-crafted GETDC mailslot requests when the affected server is configured as a Primary or Backup Domain Controller. The Samba security team currently does not believe this particular vulnerability can be exploited to execute arbitrary code remotely.


Upgrade to version 3.0.27 or later.
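
Each issue above depends on a server role, so a host reporting a pre-3.0.27 banner can be triaged from its smb.conf. The following is an added example, not part of the original plugin text: it assumes the WINS role is set by `wins support` and the domain controller role by `domain logons` in `[global]`, and its function names and sample configuration are constructed for illustration.

```python
import re

FIXED = (3, 0, 27)  # first fixed release, per the solution text above
TRUE_VALUES = {"yes", "true", "1", "on"}

def parse_version(banner):
    """Extract (major, minor, patch) from a banner such as 'Samba 3.0.26a'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", banner)
    if not m:
        raise ValueError("no version in banner: %r" % banner)
    return tuple(int(x) for x in m.groups())

def global_params(conf_text):
    """Return [global] parameters; names are lower-cased with spaces removed."""
    params, section = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            params[re.sub(r"\s+", "", name).lower()] = value.strip().lower()
    return params

def triage(banner, conf_text):
    """List the advisory issues whose stated preconditions hold on this host."""
    if parse_version(banner) >= FIXED:
        return []
    p = global_params(conf_text)
    findings = []
    if p.get("winssupport") in TRUE_VALUES:      # assumption: WINS server role
        findings.append("reply_netbios_packet overflow (WINS server enabled)")
    if p.get("domainlogons") in TRUE_VALUES:     # assumption: PDC/BDC role
        findings.append("GETDC mailslot overflow (domain controller role)")
    return findings

# Constructed sample configuration, not taken from a real host.
SAMPLE_CONF = """
[global]
   workgroup = EXAMPLE
   WINS Support = Yes
   ; domain logons = yes
[share]
   wins support = no
"""

if __name__ == "__main__":
    for item in triage("Samba 3.0.26a", SAMPLE_CONF):
        print(item)
```

Like the plugin itself, this relies on the reported version string, so a vendor package that backports the fix without changing the version will still be listed.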