Synopsis
The remote service is vulnerable to a denial of service.
Description
The remote Samba server, according to its version number, is vulnerable to a denial of service.
A bug in the remote smbd's ASN.1 parsing could allow an attacker to cause a denial of service against the remote host. A specially crafted ASN.1 packet sent during the authentication request could make the newly spawned smbd process enter an infinite loop. By establishing multiple connections and sending such packets, an attacker could consume all the CPU and memory of the remote host, thus crashing it remotely.
Another bug could allow an attacker to crash the remote nmbd process by sending a malformed NetBIOS packet.
Solution
Upgrade to Samba 3.0.7.
Plugin Details
File Name: samba_asn1_dos.nasl
Supported Sensors: Nessus
Risk Information
Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P
Vulnerability Information
CPE: cpe:/a:samba:samba
Required KB Items: SMB/NativeLanManager
Exploit Ease: No known exploits are available
Vulnerability Publication Date: 9/13/2004