
Samba < 3.6.20 / 4.0.11 / 4.1.1 Multiple Vulnerabilities

Low

Synopsis

The remote version of Samba is outdated and thus affected by multiple vulnerabilities.

Description

Versions of Samba older than 3.6.20 / 4.0.11 / 4.1.1 are unpatched for the following two vulnerabilities:

- The private key for SSL/TLS encryption is stored in a 'key.pem' file with world-readable permissions, which can allow a local attacker to extract sensitive information and decrypt network traffic. (CVE-2013-4476)

- Versions of Samba 3.2.0 and above do not check the underlying file or directory ACL when opening an alternate data stream. (CVE-2013-4475)

Solution

Install the patch referenced in the project's advisory, or upgrade to 3.6.20 / 4.0.11 / 4.1.1 or later.
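A host-side check for both conditions described above, as an added example (not the scanner's plugin logic and not Samba code): it compares a reported version against the fixed releases and looks for 'key.pem' files readable beyond their owner. The directory to scan is passed in by the caller, and treating unlisted branches as unpatched when older than 4.1.1, and flagging group bits as well as world bits, are assumptions of this sketch.

```python
import os
import re
import stat
import tempfile

# Fixed releases named in the advisory, keyed by (major, minor) branch.
FIXED = {(3, 6): (3, 6, 20), (4, 0): (4, 0, 11), (4, 1): (4, 1, 1)}

def parse_version(text):
    """Extract (major, minor, patch) from a string such as 'Version 4.0.10'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no Samba version in {text!r}")
    return tuple(int(p) for p in m.groups())

def is_unpatched(text):
    """True if the version is older than the fixed release for its branch."""
    ver = parse_version(text)
    fixed = FIXED.get(ver[:2])
    if fixed is not None:
        return ver < fixed
    # Assumption: a branch with no listed fix counts as unpatched if older than 4.1.1.
    return ver < (4, 1, 1)

def exposed_keys(root, name="key.pem"):
    """Return [(path, octal_mode)] for key files accessible beyond the owner."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        if name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            mode = stat.S_IMODE(st.st_mode)
            # World-readable is the advisory's case; group bits are flagged too (stricter).
            if stat.S_ISREG(st.st_mode) and mode & 0o077:
                hits.append((path, oct(mode)))
    return hits

if __name__ == "__main__":
    # Constructed sample: a temporary directory holding a world-readable key file.
    with tempfile.TemporaryDirectory() as d:
        key = os.path.join(d, "key.pem")
        open(key, "w").close()
        os.chmod(key, 0o644)
        print(is_unpatched("Version 4.0.10"), exposed_keys(d))
```

Any path the second function returns should be restricted to its owner (mode 0600) in addition to applying the upgrade.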