Samba nmbd Mailslot Packet Denial of Service Vulnerability

15 September 2009

Samba nmbd Mailslot Packet Denial of Service Vulnerability

Description:

Certain versions of Samba contain a flawed implementation of the process_logon_packet function in the nmbd daemon. As a result, an unauthenticated attacker can craft a corrupt SAM_UAS_CHANGE request that causes the nmbd daemon to crash. Note that in order for exploitation to be successful, domain logons must be enabled in the configuration file ("domain logons = yes" in smb.conf).

References:

BID: http://www.securityfocus.com/bid/11156
CVE: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0808
OSVDB: http://www.osvdb.org/displayvuln.php?osvdb_id=9917
SECUNIA: http://secunia.com/advisories/12516/
URL: http://samba.org/samba/security/CVE-2004-0807_CVE-2004-0808.html

Solution:

Upgrade to Samba 3.0.7

Download and apply the upgrade from: http://us4.samba.org/samba/ftp/stable/samba-3.0.7.tar.gz

Information on these pages is summary information extracted from the NeXpose Vulnerabilty Assessment system. Full details are provided within the NeXpose product for licensed users.

Free Download Update - Keep to Upto date

15 September 2009

Samba nmbd Mailslot Packet Denial of Service Vulnerability

0 comments:

It's Interested to Read

FeedBurner FeedCount

Subscribe Now

Subscribe via email

AVG Top Threats

Avira - Latest Threats Descriptions

CNET Download.com Security New Releases

Archive

Label Cloud