| VID |
23234 |
| Severity |
20 |
| Port |
139 |
| Protocol |
TCP |
| Class |
Samba |
| Detailed Description |
According to its banner, the version of Samba 3.x running on the remote host is earlier than 3.5.22 / 3.6.17 / 4.0.8. As such, it is potentially affected by a denial of service vulnerability.
An integer overflow exists in the function 'read_nttrans_ea_list' in the file 'nttrans.c' that could allow a denial of service via specially crafted network traffic.
* Note: If this check solely relied on the version number of the remote Samba server to assess this vulnerability, then this might be a false positive.
* References:
  * http://www.samba.org/samba/security/CVE-2013-4124
  * http://www.samba.org/samba/history/samba-3.5.22.html
  * http://www.samba.org/samba/history/samba-3.6.17.html
  * http://www.samba.org/samba/history/samba-4.0.8.html
* Platforms Affected: Samba Project, Samba versions before 3.5.22 / 3.6.17 / 4.0.8; Linux, any version; Unix, any version |
| Recommendation |
Upgrade to Samba 3.5.22 / 3.6.17 / 4.0.8 or later, available from the Samba Web site at http://www.samba.org/samba/ |
| Related URL |
CVE-2013-4124 (CVE) |
| Related URL |
61597 (SecurityFocus) |
| Related URL |
(ISS) |
|