Test ID:	1.3.6.1.4.1.25623.1.0.15705
Category:	Denial of Service
Title:	Samba Multiple Remote Vulnerabilities
Summary:	NOSUMMARY
Description:	Description: The remote Samba server, according to its version number, may be vulnerable to a remote Denial Of Service vulnerability and a remote buffer overflow. The Wild Card DoS vulnerability may allow an attacker to make the remote server consume excessive CPU cycles. The QFILEPATHINFO Remote buffer overflow vulnerability may allow an attacker to execute code on the server. An attacker needs a valid account or enough credentials to exploit those flaws. Solution : upgrade to Samba 3.0.8 See also : http://us4.samba.org/samba/security/CVE-2004-0882.html See also : http://us4.samba.org/samba/security/CVE-2004-0930.html Risk factor : High
Cross-Ref:	BugTraq ID: 11624 BugTraq ID: 11678 Common Vulnerability Exposure (CVE) ID: CVE-2004-0930 http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html http://www.securityfocus.com/bid/11624 Bugtraq: 20041108 [SECURITY] CAN-2004-0930: Potential Remote Denial of Service Vulnerability (Google Search) http://marc.info/?l=bugtraq&m=109993720717957&w=2 Conectiva Linux advisory: CLA-2004:899 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000899 http://www.gentoo.org/security/en/glsa/glsa-200411-21.xml http://www.idefense.com/application/poi/display?id=156&type=vulnerabilities&flashstatus=false http://www.mandriva.com/security/advisories?name=MDKSA-2004:131 http://marc.info/?l=bugtraq&m=110330519803655&w=2 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10936 SCO Security Bulletin: SCOSA-2005.17 ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.17/SCOSA-2005.17.txt SGI Security Advisory: 20041201-01-P ftp://patches.sgi.com/support/free/security/advisories/20041201-01-P http://sunsolve.sun.com/search/document.do?assetkey=1-26-101783-1 SuSE Security Announcement: SUSE-SA:2004:040 (Google Search) http://www.novell.com/linux/security/advisories/2004_40_samba.html https://www.ubuntu.com/usn/usn-22-1/ XForce ISS Database: samba-msfnmatch-dos(17987) https://exchange.xforce.ibmcloud.com/vulnerabilities/17987 Common Vulnerability Exposure (CVE) ID: CVE-2004-0882 Bugtraq: 20041115 Advisory 13/2004: Samba 3.x QFILEPATHINFO unicode filename buffer overflow (Google Search) http://marc.info/?l=bugtraq&m=110054671403755&w=2 Bugtraq: 20041115 [SAMBA] CAN-2004-0882: Possiebl Buffer Overrun in smbd (Google Search) http://marc.info/?l=bugtraq&m=110055646329581&w=2 Bugtraq: 20041217 [OpenPKG-SA-2004.054] OpenPKG Security Advisory (samba) (Google Search) CERT/CC vulnerability note: VU#457622 http://www.kb.cert.org/vuls/id/457622 Computer Incident Advisory Center Bulletin: P-038 http://www.ciac.org/ciac/bulletins/p-038.shtml http://security.e-matters.de/advisories/132004.html http://www.osvdb.org/11782 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9969 http://securitytracker.com/id?1012235 http://secunia.com/advisories/13189 http://www.trustix.net/errata/2004/0058/ XForce ISS Database: samba-qfilepathinfo-bo(18070) https://exchange.xforce.ibmcloud.com/vulnerabilities/18070
Copyright	This script is Copyright (C) 2004 Tenable Network Security

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.