| VID |
23224 |
| Severity |
40 |
| Port |
139 |
| Protocol |
TCP |
| Class |
Samba |
| Detailed Description |
According to its banner, the version of Samba running on the remote host is a version of 3.x before 3.3.13. Such versions are affected by a memory corruption vulnerability when handling specially crafted SMB1 packets.
A remote unauthenticated attacker, exploiting this flaw, could crash the affected service or potentially execute arbitrary code subject to the privileges of the user running the affected application.
* Note: If this check solely relied on the version number of the remote Samba server to assess this vulnerability, then this might be a false positive.
* References:
http://www.samba.org/samba/security/CVE-2010-2063.html
http://www.samba.org/samba/history/security.html
https://rhn.redhat.com/errata/RHSA-2010-0488.html
* Platforms Affected:
Samba Project, Samba versions of 3.x before 3.3.13
Linux Any version
Unix Any version |
| Recommendation |
Upgrade to the latest version of Samba 3.3.13 or later, available from the Samba Web site at http://us1.samba.org/samba/
Install the hotfix following link(https://rhn.redhat.com/errata/RHSA-2010-0488.html) |
| Related URL |
CVE-2010-2063 (CVE) |
| Related URL |
40884 (SecurityFocus) |
| Related URL |
(ISS) |
|
