[Samba] samba wins and MS11-035

Andrew Bartlett abartlet at samba.org
Tue Dec 20 18:49:23 UTC 2016


On Tue, 2016-12-20 at 10:58 +0100, Noël Köthe via samba wrote:
> Hello Samba,
> 
> I'm running 4.2.14 (yes, will update;-) ) as a DC. In our network we
> run security scans with a greenbone.net system which is basically an
> OpenVAS.org appliance.
> OpenVAS reports the following security problem against the samba wins
> server:
> 
> Microsoft Windows WINS Remote Code Execution Vulnerability (2524426)
> 
> http://www.securityspace.com/smysecure/catid.html?id=1.3.6.1.4.1.25623.1.0.802260
> 
> The detection is done by checking the remote banner with this plugin:
> http://plugins.openvas.org/nasl.php?oid=802260
> 
> My first idea is that the samba banner needs to be updated to the
> updated one but I'm not sure you agree.
> 
> Should I report this in the samba bugzilla?

It isn't a banner issue, it is a difference in behaviour when sending a
padded packet.  We need a test written showing that we don't match
modern Windows here, and then the Samba server patched to match.

You can file a bug, but this area hasn't had interest for a very long
time, so unless these items are included in a patch, I don't think a
false-positive OpenVAS report will get very far.

Sorry,

Andrew Bartlett

-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba



