VID | 23289
Severity | 40
Port | 139
Protocol | TCP
Class | Samba
Detailed Description |
The version of Samba running on the remote host is prior to 2.2.8a. It is, therefore, affected by a remote code execution vulnerability in the SMB/CIFS packet fragment re-assembly code in smbd. An unauthenticated, remote attacker can exploit this to inject binary-specific exploit code into smbd and gain root access on a system serving Samba.
* References: https://www.samba.org/samba/history/samba-2.2.8a.html
* Platforms Affected: Samba Project: Samba versions 2.x before 2.2.8a; Linux: Any version; Unix: Any version |
Recommendation |
Upgrade to Samba 2.2.8a or later, available from the Samba Web site at https://www.samba.org/samba/download/ |
Related URL | CVE-2003-0196, CVE-2003-0201 (CVE)
Related URL | 7294, 7295 (SecurityFocus)
Related URL | (ISS)
|