The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2017:3278 advisory.

    Samba is an open-source implementation of the Server Message Block (SMB) or Common Internet File System     (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information.

    Security Fix(es):

    * A use-after-free flaw was found in the way samba servers handled certain SMB1 requests. An     unauthenticated attacker could send specially-crafted SMB1 requests to cause the server to crash or     execute arbitrary code. (CVE-2017-14746)

    * A memory disclosure flaw was found in samba. An attacker could retrieve parts of server memory, which     could contain potentially sensitive data, by sending specially-crafted requests to the samba server.
    (CVE-2017-15275)

    Red Hat would like to thank the Samba project for reporting these issues. Upstream acknowledges Yihan Lian     and Zhibin Hu (Qihoo 360 GearTeam) as the original reporter of CVE-2017-14746; and Volker Lendecke (SerNet     and the Samba Team) as the original reporter of CVE-2017-15275.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

RHEL 6 : samba4 (RHSA-2017:3278)

critical Nessus Plugin ID 104843

Version 3.16

Version 3.15

Version 3.16 Nov 5, 2024, 12:50 PM CVSS metrics ("Cvssv4 score" set to 0.0) CVSSv2 severity (based on None, severity decreased from "High" to "Low") Plugin metadata Plugin Feed: 202411051250
Version 3.15 Apr 28, 2024, 2:25 PM CVSSv2 score source (set to "CVE-2017-14746") Detection (updated detection logic) Plugin metadata Plugin Feed: 202404281425