Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Samba 3.6.x < 3.6.24 / 4.0.x < 4.0.19 / 4.1.x < 4.1.9 Multiple Vulnerabilities

Medium

Synopsis

The remote version of Samba is outdated and affected by multiple vulnerabilities.

Description

The version of Samba on the remote host is 3.6.x prior to 3.6.24, 4.0.x prior to 4.0.19, or 4.1.x prior to 4.1.9 and is affected by the following vulnerabilities :

- A denial of service flaw exists with 'nmbd'. A remote attacker, with a specially crafted packet, could cause the CPU to loop the same code segment, preventing further NetBIOS name services. (CVE-2014-0244)

- A denial of service flaw exists with 'smbd' when an authenticated client makes a non-unicode request for a valid unicode path. An invalid return code from the conversion of bad unicode to Windows character set can cause memory at an offset from the expected return buffer to be overwritten. This could allow a remote authenticated attacker to cause a denial of service. (CVE-2014-3493)

Solution

Upgrade to 3.6.24 / 4.0.19 / 4.1.9 or later.