Detections
Analytics
Samba < 3.0.27 Multiple Vulnerabilities
high Nessus Plugin ID 28228
Language:
Synopsis
The remote Samba server may be affected one or more vulnerabilities.Description
According to its banner, the version of the Samba server on the remote host contains a boundary error in the 'reply_netbios_packet()' function in 'nmbd/nmbd_packets.c' when sending NetBIOS replies.Provided the server is configured to run as a WINS server, a remote attacker can exploit this issue by sending multiple specially crafted WINS 'Name Registration' requests followed by a WINS 'Name Query' request, leading to a stack-based buffer overflow. This could also allow for the execution of arbitrary code.
There is also a stack buffer overflow in nmbd's logon request processing code that can be triggered by means of specially crafted GETDC mailslot requests when the affected server is configured as a Primary or Backup Domain Controller. Note that the Samba security team currently does not believe this particular issue can be exploited to execute arbitrary code remotely.
Solution
Upgrade to Samba version 3.0.27 or later.See Also
https://secuniaresearch.flexerasoftware.com/secunia_research/2007-90/advisory/
https://www.securityfocus.com/archive/1/483744
http://us1.samba.org/samba/security/CVE-2007-4572.html
http://us1.samba.org/samba/security/CVE-2007-5398.html
Plugin Details
Severity: High
ID: 28228
File Name: samba_3_0_27.nasl
Version: 1.16
Type: remote
Family: Misc.
Published: 11/16/2007
Updated: 11/15/2018
Configuration: Enable paranoid mode
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: High
Base Score: 9.3
Temporal Score: 6.9
Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: cpe:/a:samba:samba
Required KB Items: Settings/ParanoidReport, SMB/NativeLanManager
Exploit Ease: No known exploits are available
Reference Information
CVE: CVE-2007-4572, CVE-2007-5398
CWE: 119