VID 23206
Severity 40
Port 139
Protocol TCP
Class Samba
Detailed Description A Samba server older than version 3.0.28 was detected running on the host. Samba is an Open Source/Free Software package that provides seamless file and print services to SMB/CIFS clients. Samba versions prior to 3.0.28 are vulnerable to a stack-based buffer overflow caused by improper bounds checking in the 'send_mailslot' function of 'nmbd'. By sending a specially crafted "SAMLOGON" domain logon packet containing a username string placed at an odd offset followed by an overly long GETDC string, a remote attacker could execute arbitrary code on the system or cause the affected server to crash. Successful exploitation requires that the "domain logons" option is enabled.

* Note: If this check relied solely on the version number of the remote Samba server to assess this vulnerability, the result might be a false positive.

* References:
http://us1.samba.org/samba/security/CVE-2007-6015.html
http://www.securityfocus.com/archive/1/484818/30/0/threaded
http://secunia.com/advisories/27760/

* Platforms Affected:
Samba Project, Samba versions prior to 3.0.28
Linux Any version
Unix Any version
Recommendation Upgrade to the latest version of Samba (3.0.28 or later), available from the Samba Web site at http://us1.samba.org/samba/

As a workaround, disable the "domain logons" option in the server's smb.conf file. Note that this will disable all domain controller features as well.
Related URL CVE-2007-6015 (CVE)
Related URL 26791 (SecurityFocus)
Related URL (ISS)
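
The note and the workaround above both depend on two facts about a host: whether its Samba version is older than 3.0.28 and whether "domain logons" is enabled in smb.conf. The following is an added example (not part of the original entry or of the scanner's own check) that triages a host from a version banner and the smb.conf text; the function names, result labels and sample configuration are constructed, and `include` files are not followed.

```python
import re

FIXED = (3, 0, 28)                        # first fixed release named in the entry
TRUE_VALUES = {"yes", "true", "on", "1"}  # boolean spellings smb.conf accepts

def parse_version(banner):
    """Extract (major, minor, patch) from a string such as 'Samba 3.0.27a'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", banner)
    if not m:
        raise ValueError("no Samba version found in %r" % banner)
    return tuple(int(part) for part in m.groups())

def domain_logons_enabled(smb_conf_text):
    """True if the global section sets 'domain logons' to a true value."""
    section, enabled = "global", False    # assumption: leading lines are global
    folded = re.sub(r"\\\r?\n", "", smb_conf_text)   # join continuation lines
    for raw in folded.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":   # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        name, sep, value = line.partition("=")
        if not sep or section != "global":
            continue
        # Parameter names are case-insensitive and whitespace is ignored.
        if re.sub(r"\s+", "", name).lower() == "domainlogons":
            enabled = value.strip().lower() in TRUE_VALUES  # last setting wins
    return enabled

def triage(banner, smb_conf_text):
    """Combine the version check with the precondition from the entry."""
    if parse_version(banner) >= FIXED:
        return "fixed-version"
    if domain_logons_enabled(smb_conf_text):
        return "old-version-domain-logons-enabled"
    return "old-version-domain-logons-disabled"

# Constructed sample configuration, not taken from any real host.
SAMPLE_CONF = """\
[global]
   workgroup = EXAMPLE
   Domain Logons = Yes
[homes]
   browseable = no
"""

if __name__ == "__main__":
    print(triage("Samba 3.0.27a", SAMPLE_CONF))
```

A distribution package can carry a backported fix under an older version string, so an "old-version" result still needs a check against the package changelog.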