Summary
Samba is prone to multiple vulnerabilities: a security-bypass vulnerability, an information-disclosure vulnerability and a remote denial-of-service vulnerability. The Samba project tracks them as CVE-2009-2813 (security bypass: an /etc/passwd entry with an empty home-directory field causes smbd to serve the root of the file system through the [homes] share), CVE-2009-2906 (denial of service: a specially crafted SMB request on an authenticated connection sends smbd into an infinite loop), and CVE-2009-2948 (information disclosure: the setuid-root mount.cifs helper could reveal part of a root-readable file, such as a credentials file, to a local user).
Successful exploits may allow attackers to gain access to resources that aren't supposed to be shared, to obtain sensitive information that may aid in further attacks, and to cause the application to consume excessive CPU resources, denying service to legitimate users.
Versions prior to Samba 3.4.2, 3.3.8, 3.2.15 and 3.0.37 are vulnerable; those releases contain the fixes for their respective branches.
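A quick way to act on the version statement above is a branch-aware comparison, since a plain "is it older than 3.4.2" test would wrongly flag a fixed 3.3.8 or 3.0.37 build. The following is an added example written for this page, not code from the Samba project; the version strings it feeds itself are constructed, and the optional `smbd -V` call is only used to pick up the local install when one exists.

```python
"""Added example: decide whether a Samba version string predates the fixed
releases named in this advisory (3.0.37, 3.2.15, 3.3.8, 3.4.2).  Example code
written for this page, not Samba project code."""
import re
import subprocess

# Earliest fixed release on each branch the advisory lists; anything older on
# the same branch is vulnerable.
FIXED_BY_BRANCH = {
    (3, 0): (3, 0, 37),
    (3, 2): (3, 2, 15),
    (3, 3): (3, 3, 8),
    (3, 4): (3, 4, 2),
}

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Pull the first x.y.z out of strings such as 'Version 3.4.1' (what
    'smbd -V' prints) or a package string like 'samba-3.0.33-3.29.el5'."""
    match = _VERSION_RE.search(text)
    if match is None:
        raise ValueError(f"no x.y.z version found in {text!r}")
    return tuple(int(part) for part in match.groups())


def is_vulnerable(version):
    """True if the release predates the fix for its branch.

    Branches missing from the table: anything newer than 3.4 was cut after
    the fixes (not vulnerable); anything older (for example a 3.1.x build)
    predates every fixed release and is treated as vulnerable."""
    branch = version[:2]
    if branch in FIXED_BY_BRANCH:
        return version < FIXED_BY_BRANCH[branch]
    return branch < max(FIXED_BY_BRANCH)


def assess(text):
    """Return (parsed_version, vulnerable_flag) for a version string."""
    version = parse_version(text)
    return version, is_vulnerable(version)


def installed_smbd_version():
    """Ask the local smbd for its version ('smbd -V' prints 'Version x.y.z');
    returns None when smbd is not installed."""
    try:
        out = subprocess.run(["smbd", "-V"], capture_output=True,
                             text=True, check=False)
    except FileNotFoundError:
        return None
    return out.stdout.strip() or None


if __name__ == "__main__":
    # Constructed sample inputs, chosen to sit on either side of each fix.
    samples = ["Version 3.4.1", "Version 3.4.2", "samba-3.0.33-3.29.el5",
               "Version 3.3.8", "Version 3.2.14", "Version 3.5.0"]
    local = installed_smbd_version()
    if local:
        samples.append(local)
    for sample in samples:
        version, vuln = assess(sample)
        label = "VULNERABLE" if vuln else "fixed"
        print(f"{sample:28s} -> {'.'.join(map(str, version)):8s} {label}")
```

Two caveats before trusting the result: distributions routinely backport these fixes without changing the upstream version number, so a package such as samba-3.0.33 on an enterprise distribution may already be patched and the vendor's own advisory or package changelog is the authority; and CVE-2009-2948 lives in the mount.cifs client helper, so a check that only inspects smbd on file servers says nothing about clients that mount CIFS shares.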
Solution
Updates are available: upgrade to Samba 3.4.2, 3.3.8, 3.2.15 or 3.0.37 (or a later release on the same branch), or apply the equivalent patched packages from your distribution. Please see the references for more information.
References
- http://us1.samba.org/samba/
- http://www.samba.org/samba/history/security.html
- http://www.samba.org/samba/security/CVE-2009-2813.html
- http://www.samba.org/samba/security/CVE-2009-2906.html
- http://www.samba.org/samba/security/CVE-2009-2948.html
- http://www.securityfocus.com/bid/36363
- http://www.securityfocus.com/bid/36572
- http://www.securityfocus.com/bid/36573
Updated on 2015-03-25
Severity
CVE: CVE-2009-2813, CVE-2009-2906, CVE-2009-2948
CVSS Base Score: 6.0 (CVSS v2 vector AV:N/AC:M/Au:S/C:P/I:P/A:P)