Samba < 2.2.8 Multiple Vulnerabilities

critical Nessus Plugin ID 11398

Language:

Synopsis

Arbitrary code may be run on the remote server.

Description

The remote Samba server, according to its version number, is vulnerable to a remote buffer overflow when receiving specially crafted SMB fragment packets.

An attacker needs to be able to access at least one share to exploit this flaw.

In addition, it is reported that Samba contains a flaw related to the handling of .reg files that may allow a local user to overwrite arbitrary file.

Solution

Upgrade to Samba 2.2.8.

Plugin Details

Severity: Critical

ID: 11398

File Name: samba_frags_overflow.nasl

Version: 1.21

Type: remote

Family: Gain a shell remotely

Published: 3/15/2003

Updated: 7/27/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:samba:samba

Required KB Items: SMB/NativeLanManager

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 3/15/2003

Exploitable With

CANVAS (CANVAS)

Core Impact

Reference Information

CVE: CVE-2003-0085, CVE-2003-0086

BID: 7106, 7107

RHSA: 2003:095-03

SuSE: SUSE-SA:2003:016

Detections

Analytics