The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2015:0255 advisory.

    Samba is an open-source implementation of the Server Message Block (SMB) or     Common Internet File System (CIFS) protocol, which allows PC-compatible     machines to share files, printers, and other information.

    An uninitialized pointer use flaw was found in the Samba daemon (smbd).
    A malicious Samba client could send specially crafted netlogon packets     that, when processed by smbd, could potentially lead to arbitrary code     execution with the privileges of the user running smbd (by default, the     root user). (CVE-2015-0240)

    For additional information about this flaw, see the Knowledgebase article     at https://access.redhat.com/articles/1346913

    Red Hat would like to thank the Samba project for reporting this issue.
    Upstream acknowledges Richard van Eeden of Microsoft Vulnerability Research     as the original reporter of this issue.

    All Samba users are advised to upgrade to these updated packages, which     contain a backported patch to correct this issue. After installing this     update, the smb service will be restarted automatically.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Detections

Analytics

RHEL 6 : samba4 (RHSA-2015:0255)

critical Nessus Plugin ID 81474

Version 1.22