3.3 Low
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:A/AC:L/Au:N/C:N/I:N/A:P
0.084 Low
EPSS
Percentile
94.5%
According to its banner, the version of Samba on the remote host is 3.6.x prior to 3.6.24, 4.0.x prior to 4.0.19, or 4.1.x prior to 4.1.9. It is, therefore, affected by the following vulnerabilities :
A denial of service flaw exists with ‘nmbd’. A remote attacker, with a specially crafted packet, could cause the CPU to loop the same code segment, preventing further NetBIOS name services. (CVE-2014-0244)
A denial of service flaw exists with ‘smbd’ when an authenticated client makes a non-unicode request for a valid unicode path. An invalid return code from the conversion of bad unicode to Windows character set can cause memory at an offset from the expected return buffer to be overwritten. This could allow a remote authenticated attacker to cause a denial of service. (CVE-2014-3493)
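Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number. Because the check is version-based, a host that received the referenced patch without moving to 3.6.24 / 4.0.19 / 4.1.9 would still be reported, so confirm the installed patch level before treating the finding as confirmed.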
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
# Registration block: when the script is loaded with 'description' set, it only
# declares the plugin's metadata and then exits (exit(0) below) without running
# any check against the target.
if (description)
{
script_id(76202);
script_version("1.6");
script_cvs_date("Date: 2019/11/26");
# The two CVEs covered: the nmbd loop (CVE-2014-0244) and the smbd memory
# overwrite reachable by an authenticated client (CVE-2014-3493).
script_cve_id("CVE-2014-0244", "CVE-2014-3493");
script_bugtraq_id(68148, 68150);
script_name(english:"Samba 3.6.x < 3.6.24 / 4.0.x < 4.0.19 / 4.1.x < 4.1.9 Multiple Vulnerabilities");
script_summary(english:"Checks the version of Samba.");
script_set_attribute(attribute:"synopsis", value:
"The remote Samba server is affected by multiple denial of service
vulnerabilities.");
script_set_attribute(attribute:"description", value:
"According to its banner, the version of Samba on the remote
host is 3.6.x prior to 3.6.24, 4.0.x prior to 4.0.19, or 4.1.x prior
to 4.1.9. It is, therefore, affected by the following vulnerabilities :
- A denial of service flaw exists with 'nmbd'. A remote
attacker, with a specially crafted packet, could
cause the CPU to loop the same code segment, preventing
further NetBIOS name services. (CVE-2014-0244)
- A denial of service flaw exists with 'smbd' when an
authenticated client makes a non-unicode request for a
valid unicode path. An invalid return code from the
conversion of bad unicode to Windows character set can
cause memory at an offset from the expected return
buffer to be overwritten. This could allow a remote
authenticated attacker to cause a denial of service.
(CVE-2014-3493)
Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.");
# Upstream advisories and release notes for the three fixed releases.
script_set_attribute(attribute:"see_also", value:"https://www.samba.org/samba/security/CVE-2014-0244.html");
script_set_attribute(attribute:"see_also", value:"https://www.samba.org/samba/security/CVE-2014-3493.html");
script_set_attribute(attribute:"see_also", value:"https://www.samba.org/samba/history/samba-3.6.24.html");
script_set_attribute(attribute:"see_also", value:"https://www.samba.org/samba/history/samba-4.0.19.html");
script_set_attribute(attribute:"see_also", value:"https://www.samba.org/samba/history/samba-4.1.9.html");
# Each shortened link below stands for the patch URL given in the comment
# directly above it.
# https://download.samba.org/pub/samba/patches/security/samba-3.6.23-CVE-2014-0244-CVE-2014-3493.patch
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?6eda5046");
# https://download.samba.org/pub/samba/patches/security/samba-4.0.18-CVE-2014-0244-CVE-2014-3493.patch
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?be7d6e54");
# https://download.samba.org/pub/samba/patches/security/samba-4.1.8-CVE-2014-0244-CVE-2014-3493.patch
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?72ca7d20");
# Two remediation paths are offered: apply the patch or upgrade. The check
# further down compares version numbers only.
script_set_attribute(attribute:"solution", value:
"Install the patch referenced in the project's advisory or upgrade to
3.6.24 / 4.0.19 / 4.1.9 or later.");
# The base vector is taken from CVE-2014-0244 (see cvss_score_source):
# adjacent network, no authentication, availability impact only.
script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-0244");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2014/06/23");
script_set_attribute(attribute:"patch_publication_date", value:"2014/06/23");
script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/24");
# Marked as a potential vulnerability: per the description text, the finding
# rests on the self-reported version and the flaws themselves are not tested.
script_set_attribute(attribute:"potential_vulnerability", value:"true");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/a:samba:samba");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Misc.");
script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
# smb_nativelanman.nasl is declared as a prerequisite; presumably it is what
# stores the SMB/NativeLanManager banner in the KB -- confirm against that script.
script_dependencies("smb_nativelanman.nasl");
# All three KB keys are required. "Settings/ParanoidReport" presumably limits
# the plugin to scans with paranoid reporting enabled, matching the
# report_paranoia test in the check logic -- confirm.
script_require_keys("SMB/NativeLanManager", "SMB/samba", "Settings/ParanoidReport");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
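# Port the finding is reported on: the SMB transport stored in the KB, or 445
# when no transport entry exists.
port = get_kb_item("SMB/transport");
if (!port) port = 445;

# The LAN manager string is the server's self-reported banner; it is the only
# input to this check, and the flaws themselves are never probed.
lanman = get_kb_item_or_exit("SMB/NativeLanManager");
if ("Samba " >!< lanman) audit(AUDIT_NOT_LISTEN, "Samba", port);

# Banner-only detection is reported only when the scan's paranoia level is 2 or
# higher. A build that was patched without a version change would still match
# the ranges tested afterwards.
if (report_paranoia < 2) audit(AUDIT_PARANOID);

# Derive the version string before the granularity test. The original assigned
# it afterwards, so the AUDIT_VER_NOT_GRANULAR message was built from an unset
# 'version'.
version = lanman - 'Samba ';

# A banner carrying only the major version, or only major.minor for an affected
# branch, cannot be compared against the fixed patch level.
if (
  lanman =~ '^Samba 3(\\.6)?$' ||
  lanman =~ '^Samba 4(\\.0)?$' ||
  lanman =~ '^Samba 4(\\.1)?$'
) audit(AUDIT_VER_NOT_GRANULAR, "Samba", port, version);

# Split the dotted version and convert each component to an integer so the
# comparisons that follow are numeric.
ver = split(version, sep:'.', keep:FALSE);
for (i=0; i<max_index(ver); i++)
  ver[i] = int(ver[i]);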
# Pick the first fixed release for the branch the banner reports. 'fix' stays
# NULL when the version is outside the three affected ranges.
fix = NULL;
if (ver[0] == 3 && ver[1] == 6)
{
  if (ver[2] < 24) fix = '3.6.24';
}
else if (ver[0] == 4 && ver[1] == 0)
{
  if (ver[2] < 19) fix = '4.0.19';
}
else if (ver[0] == 4 && ver[1] == 1)
{
  if (ver[2] < 9) fix = '4.1.9';
}

# No fix selected: record that the service is listening but not affected.
if (!fix) audit(AUDIT_LISTEN_NOT_VULN, "Samba", port, version);
else
{
  # The finding is based on the banner version only. The installed/fixed pair
  # is included when report verbosity is above 0.
  if (report_verbosity > 0)
  {
    report =
      '\n Installed version : ' + version +
      '\n Fixed version : ' + fix + '\n';
    security_note(port:port, extra:report);
  }
  else security_note(port);
  exit(0);
}
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0244
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3493
www.nessus.org/u?6eda5046
www.nessus.org/u?72ca7d20
www.nessus.org/u?be7d6e54
www.samba.org/samba/history/samba-3.6.24.html
www.samba.org/samba/history/samba-4.0.19.html
www.samba.org/samba/history/samba-4.1.9.html
www.samba.org/samba/security/CVE-2014-0244.html
www.samba.org/samba/security/CVE-2014-3493.html