| VID |
23219 |
| Severity |
30 |
| Port |
139 |
| Protocol |
TCP |
| Class |
Samba |
| Detailed Description |
According to its banner, the version of the Samba server on the remote host is between 3.0.29 and 3.2.4 inclusive. Such versions reportedly can potentially leak arbitrary memory contents of the 'smbd' process due to a missing bounds check on client-generated offsets of secondary 'trans', 'trans2', and 'nttrans' requests.
* Note: If this check solely relied on the version number of the remote Samba server to assess this vulnerability, then this might be a false positive.
* References:
http://www.samba.org/samba/security/CVE-2008-4314.html
http://www.samba.org/samba/history/samba-3.0.33.html
http://www.samba.org/samba/history/samba-3.2.5.html
* Platforms Affected:
Samba Project, Samba versions between 3.0.29 and 3.2.4
Linux Any version
Unix Any version |
| Recommendation |
Upgrade to the latest version of Samba (3.0.35 / 3.2.13 / 3.3.6 or later), available from the Samba Web site at http://us1.samba.org/samba/ |
| Related URL |
CVE-2008-4314 (CVE) |
| Related URL |
32494 (SecurityFocus) |
| Related URL |
(ISS) |
|
