Detections
Analytics
Samba 3.x < 3.3.15 / 3.4.12 / 3.5.7 'FD_SET' Memory Corruption
medium Nessus Plugin ID 52503
Language:
Synopsis
The remote Samba server is affected by a memory corruption vulnerability.Description
According to its banner, the version of Samba 3.x running on the remote host is earlier than 3.3.15 / 3.4.12 / 3.5.7. An error exists in the range checks on file descriptors in the 'FD_SET' macro that allows stack corruption. This corruption can cause Samba to crash or to continually try selecting on an improper descriptor set.An attacker who is able to get a connection to a file share, either authenticated or via a guest connection, can leverage this issue to launch a denial of service attack against the affected smbd service.
Note the possibility of arbitrary code execution exists with this type of vulnerability but has not been confirmed.
Also note that Nessus has not actually tried to exploit this issue or otherwise determine if one of the patches has been applied.
Solution
Either apply one of the patches referenced in the project's advisory or upgrade to 3.3.15 / 3.4.12 / 3.5.7 or later.See Also
https://bugzilla.samba.org/show_bug.cgi?id=7949
http://www.samba.org/samba/security/CVE-2011-0719.html
https://www.samba.org/samba/history/samba-3.3.15.html
Plugin Details
Severity: Medium
ID: 52503
File Name: samba_3_5_7.nasl
Version: 1.11
Type: remote
Family: Misc.
Published: 3/2/2011
Updated: 11/15/2018
Configuration: Enable paranoid mode
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Low
Score: 3.6
CVSS v2
Risk Factor: Medium
Base Score: 5
Temporal Score: 3.7
Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P
Vulnerability Information
CPE: cpe:/a:samba:samba
Required KB Items: SMB/NativeLanManager, SMB/samba, Settings/ParanoidReport
Exploit Ease: No known exploits are available
Patch Publication Date: 2/28/2011
Vulnerability Publication Date: 2/28/2011
Reference Information
CVE: CVE-2011-0719
BID: 46597
Secunia: 43512