Samba 3.0.x < 3.0.7 Multiple DoS

medium Nessus Network Monitor Plugin ID 9341

Synopsis

The remote Samba server is affected by multiple Denial of Service (DoS) attack vectors.

Description

According to its banner, the version of Samba is 3.0.x earlier than 3.0.7. It is, therefore, affected by multiple vulnerabilities:

- A flaw exists that may allow a remote denial of service. The issue is triggered when an attacker sends specially crafted packets to the smbd daemon that are handled by the ASN.1 parsing routine, causing many processes to spawn and resulting in a loss of availability for the platform. (CVE-2004-0807)
- A flaw exists that may allow a remote denial of service. The issue is triggered when an attacker sends a malformed UDP packet, and results in a loss of availability for Samba's nmbd daemon. When processing a 'SAM_UAS_CHANGE' request, the 'process_logon_packet' function does not properly validate that the packet is large enough to contain the number of structures it claims. If the packet claims a large number of structures but contains fewer, nmbd will reference memory outside of the packet, possibly causing the daemon to crash. (CVE-2004-0808)
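The class of check described for CVE-2004-0808, as an added example that is not Samba's code: a parser for a count-prefixed packet that rejects a claimed count the received bytes cannot hold. The layout (16-bit little-endian count, 8-byte records), the function name and the sample packets are assumptions made for illustration and do not reproduce the SAM_UAS_CHANGE wire format.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define HDR_LEN 2u  /* hypothetical header: 16-bit little-endian record count */
#define REC_LEN 8u  /* hypothetical fixed size of each record */

/* Returns the number of records processed, or -1 if the packet is too
 * short for the count it claims. On success *sum_out holds the sum of
 * each record's first 32-bit field (a stand-in for real processing). */
int parse_counted_records(const uint8_t *pkt, size_t len, uint32_t *sum_out)
{
    if (pkt == NULL || sum_out == NULL || len < HDR_LEN)
        return -1;

    size_t count = (size_t)pkt[0] | ((size_t)pkt[1] << 8);
    size_t avail = len - HDR_LEN;

    /* Validate the attacker-controlled count against the bytes actually
     * received before touching any record. Dividing instead of computing
     * count * REC_LEN keeps the comparison free of integer overflow. */
    if (count > avail / REC_LEN)
        return -1;

    uint32_t sum = 0;
    const uint8_t *p = pkt + HDR_LEN;
    for (size_t i = 0; i < count; i++, p += REC_LEN)
        sum += (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
               ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
    *sum_out = sum;
    return (int)count;
}

int main(void)
{
    /* Constructed samples: one honest packet, one claiming 65535 records. */
    uint8_t ok[HDR_LEN + 2 * REC_LEN] = { 2, 0, 5,0,0,0, 0,0,0,0, 7,0,0,0, 0,0,0,0 };
    uint8_t lying[HDR_LEN + REC_LEN] = { 0xFF, 0xFF, 1,0,0,0, 0,0,0,0 };
    uint32_t sum = 0;

    printf("honest packet: %d\n", parse_counted_records(ok, sizeof ok, &sum));
    printf("lying packet:  %d\n", parse_counted_records(lying, sizeof lying, &sum));
    return 0;
}
```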

Solution

Upgrade Samba to version 3.0.7 or later.

See Also

http://us3.samba.org/samba/history/3.0_DOS_sept04_announce.txt

Plugin Details

Severity: Medium

ID: 9341

Family: Samba

Published: 6/9/2016

Updated: 3/6/2019

Nessus ID: 14711

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 4.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Temporal Score: 4.9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:samba:samba

Patch Publication Date: 9/13/2004

Vulnerability Publication Date: 9/13/2004

Reference Information

CVE: CVE-2004-0807, CVE-2004-0808

BID: 11216, 11156