[Samba] samba wins and MS11-035
Andrew Bartlett
abartlet at samba.org
Tue Dec 20 18:49:23 UTC 2016
On Tue, 2016-12-20 at 10:58 +0100, Noël Köthe via samba wrote:
> Hello Samba,
>
> I'm running 4.2.14 (yes, will update;-) ) as a DC. In our network we
> run security scans with a greenbone.net system which is basically a
> OpenVAS.org appliance.
> OpenVAS reports the following security problem against the samba wins
> server:
>
> Microsoft Windows WINS Remote Code Execution Vulnerability (2524426)
>
> http://www.securityspace.com/smysecure/catid.html?id=1.3.6.1.4.1.2562
> 3.1.0.802260
>
> The detection is done by checking the remote banner with this plugin:
> http://plugins.openvas.org/nasl.php?oid=802260
>
> My first idea is that the samba banner needs to be updated to the
> updated one but I'm not sure you agree.
>
> Should I report this in the samba bugzilla?
It isn't a banner issue, it is a difference in behaviour when sending a
padded packet. We need a test written showing that we don't match
modern windows here, and then the Samba server patched to match.
You can file a bug, but this area hasn't had interest for a very long
time, so unless these items are included in a patch, I don't think a
false-positive OpenVAS report will get very far.
Sorry,
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba
mailing list