
Samba < 3.6.23 / 4.0.16 / 4.1.6 Multiple Vulnerabilities



The remote version of Samba is outdated and thus affected by multiple vulnerabilities.


Versions of Samba older than 3.6.23 / 4.0.16 / 4.1.6 are unpatched for the following vulnerabilities:

- An information disclosure due to an error in the Security Account Manager Remote (SAMR) implementation, which fails to properly validate the lockout state for user accounts after a certain number of bad password attempts. (CVE-2013-4496)

- An error in the 'smbcacls' command causes the removal of access control lists (ACLs) when used with a '--chown' or '--chgrp' option, which could be leveraged by a remote attacker after an unintended administrative change to bypass intended restrictions. (CVE-2013-6442)


Install the patch referenced in the project's advisory, or upgrade to 3.6.23 / 4.0.16 / 4.1.6 or later.
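
The version thresholds above apply per release branch, so a plain "less than" comparison against a single number gives wrong answers. The following is an added example, not part of the original page or of any scanner's own check: it evaluates a version banner (for instance the output of `smbd --version`) against the three fixed releases. The function names and sample banners are constructed, and treating branches older than 3.6 as unpatched and branches newer than 4.1 as fixed is an assumption.

```python
import re

# Fixed release per branch, taken from the advisory text above.
FIXED = {(3, 6): 23, (4, 0): 16, (4, 1): 6}

# Matches "4.1.5", "Version 4.1.5-Debian", "Samba 3.6.3" and similar banners.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(banner):
    """Return (major, minor, patch) from a version banner, or None."""
    m = _VERSION_RE.search(banner)
    return tuple(int(p) for p in m.groups()) if m else None


def is_outdated(banner):
    """True if the banner reports a release below the advisory's fixed versions.

    Returns None when no version can be parsed, so an unreadable banner
    is never mistaken for a patched host.
    """
    version = parse_version(banner)
    if version is None:
        return None
    major, minor, patch = version
    branch = (major, minor)
    if branch in FIXED:
        return patch < FIXED[branch]
    # Assumption: branches older than 3.6 predate every fixed release,
    # and branches newer than 4.1 already include the fixes.
    return branch < (3, 6)


if __name__ == "__main__":
    # Constructed sample banners, not taken from real hosts.
    for banner in ["Version 3.6.22", "Version 4.0.16", "Version 4.1.5-Debian",
                   "Version 4.2.0", "unknown"]:
        print(f"{banner!r:28} outdated={is_outdated(banner)}")
```

Distribution packages often backport fixes without changing the upstream version number, so a `True` result is a prompt to check the package changelog for CVE-2013-4496 and CVE-2013-6442 rather than proof that the host is unpatched.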