The remote NewStart CGSL host, running version MAIN 6.02, has samba packages installed that are affected by multiple vulnerabilities:

  - Multiple heap-based buffer overflows in the NDR parsing in smbd in Samba 3.0.0 through 3.0.25rc3 allow     remote attackers to execute arbitrary code via crafted MS-RPC requests involving (1) DFSEnum     (netdfs_io_dfs_EnumInfo_d), (2) RFNPCNEX (smb_io_notify_option_type_data), (3) LsarAddPrivilegesToAccount     (lsa_io_privilege_set), (4) NetSetFileSecurity (sec_io_acl), or (5) LsarLookupSids/LsarLookupSids2     (lsa_io_trans_names). (CVE-2007-2446)

  - The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute     arbitrary commands via shell metacharacters involving the (1) SamrChangePassword function, when the     username map script smb.conf option is enabled, and allows remote authenticated users to execute     commands via shell metacharacters involving other MS-RPC functions in the (2) remote printer and (3) file     share management. (CVE-2007-2447)

  - Heap-based buffer overflow in the receive_smb_raw function in util/sock.c in Samba 3.0.0 through 3.0.29     allows remote attackers to execute arbitrary code via a crafted SMB response. (CVE-2008-1105)

  - Samba 3.4 before 3.4.2, 3.3 before 3.3.8, 3.2 before 3.2.15, and 3.0.12 through 3.0.36, as used in the SMB     subsystem in Apple Mac OS X 10.5.8 when Windows File Sharing is enabled, Fedora 11, and other operating     systems, does not properly handle errors in resolving pathnames, which allows remote authenticated users     to bypass intended sharing restrictions, and read, create, or modify files, in certain circumstances     involving user accounts that lack home directories. (CVE-2009-2813)

  - smbd in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8, and 3.4 before 3.4.2 allows remote     authenticated users to cause a denial of service (infinite loop) via an unanticipated oplock break     notification reply packet. (CVE-2009-2906)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

NewStart CGSL MAIN 6.02 : samba Multiple Vulnerabilities (NS-SA-2024-0054)

critical Nessus Plugin ID 206855

Version 1.2

Version 1.1

Version 1.2 Sep 11, 2024, 7:40 AM Exploit attributes ("Exploit framework canvas" set to "True") Exploit attributes ("Exploit framework core" set to "True") Exploit attributes ("Exploit framework metasploit" set to "True") Exploit attributes ("Exploited by malware" set to "True") Plugin Feed: 202409110740
Version 1.1 Sep 10, 2024, 5:28 AM New Plugin Feed: 202409100528