
Samba 3.6.x < 3.6.3 Denial of Service

Medium

Synopsis

The remote Samba server is affected by a denial of service vulnerability.

Description

According to its banner, the version of Samba 3.6.x running on the remote host is earlier than 3.6.3. Errors exist in the files 'source3/lib/substitute.c' and 'source3/smbd/server.c' that leak small amounts of memory when processing every connection attempt.

An attacker can make repeated connections to the server and cause a denial of service of the affected smbd service.

Solution

Either apply one of the patches referenced in the project's advisory or upgrade to 3.6.3 or later.
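
The banner-based check described above, as an added example (not the scanner's own code): a Python classifier that sorts Samba version strings against the 3.6.x < 3.6.3 range. The status names and sample banners are constructed, and returning "verify" for a vendor package suffix assumes a distribution may have applied one of the patches without changing the upstream version number.

```python
import re

BRANCH = (3, 6)      # affected branch named in the advisory
FIXED = (3, 6, 3)    # first fixed release named in the advisory

# Three-part version, optional pre-release tag, optional vendor/package suffix.
_VERSION_RE = re.compile(
    r"(?<![\d.])(\d+)\.(\d+)\.(\d+)((?:pre|rc|alpha|beta)\d*)?(\S*)", re.I)

def parse_samba_version(banner):
    """Return ((major, minor, patch), prerelease, vendor_suffix) or None."""
    m = _VERSION_RE.search(banner)
    if not m:
        return None
    core = tuple(int(part) for part in m.group(1, 2, 3))
    vendor = m.group(5).strip(".,;)")   # drop trailing sentence punctuation
    return core, (m.group(4) or ""), vendor

def classify(banner):
    """Statuses (constructed names): affected, verify, fixed, out-of-scope, unknown."""
    parsed = parse_samba_version(banner)
    if parsed is None:
        return "unknown"
    core, prerelease, vendor = parsed
    if core[:2] != BRANCH:
        return "out-of-scope"           # this advisory only covers 3.6.x
    if core > FIXED:
        return "fixed"                  # numeric compare, so 3.6.10 > 3.6.3
    if core == FIXED:
        # A pre-release of 3.6.3 sorts before 3.6.3; the banner cannot
        # show whether it already carries the fix.
        return "verify" if prerelease else "fixed"
    # Below 3.6.3: a vendor suffix may hide a backported patch (assumption).
    return "verify" if vendor else "affected"

# Constructed sample banners, not taken from any real host.
SAMPLE_BANNERS = [
    "Samba 3.6.1",
    "Version 3.6.3",
    "Samba 3.6.10",
    "Samba 3.6.2-31.el6",
    "Samba 3.5.11",
]

if __name__ == "__main__":
    for banner in SAMPLE_BANNERS:
        print(f"{banner:22} {classify(banner)}")
```

A "verify" result means the banner alone cannot settle the question; confirm against the package changelog or the patches referenced in the project's advisory.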