Bug 12481 - WINS and MS11-035: OpenVAS reports security problem against samba
WINS and MS11-035: OpenVAS reports security problem against samba
Status: NEW
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Other
4.1.14
All All
: P5 normal
: ---
Assigned To: Andrew Bartlett
Samba QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2016-12-22 12:06 UTC by Noël Köthe
Modified: 2016-12-22 14:15 UTC (History)
1 user (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Noël Köthe 2016-12-22 12:06:54 UTC
We run security scans with a greenbone.net system which is basically a
OpenVAS.org appliance. OpenVAS reports the following security problem against the samba WINS server:

Microsoft Windows WINS Remote Code Execution Vulnerability (2524426)

http://www.securityspace.com/smysecure/catid.html?id=1.3.6.1.4.1.25623.1.0.802260

The detection is done by checking the remote banner with this plugin: http://plugins.openvas.org/nasl.php?oid=802260

My first idea is that the samba banner needs to be updated to the updated one but I'm not sure you agree.

Andrew answered me to this report on the mailinglist:

"It isn't a banner issue, it is a difference in behaviour when sending a
padded packet.  We need a test written showing that we don't match
modern windows here, and then the Samba server patched to match. 

You can file a bug, but this area hasn't had interest for a very long
time, so unless these items are included in a patch, I don't think a
false-positive OpenVAS report will get very far.

Sorry,

Andrew Bartlett"

https://lists.samba.org/archive/samba/2016-December/205492.html

Maybe somebody has time and knowledge to fix it.

Thank you.
Comment 1 Stefan Metzmacher 2016-12-22 14:15:26 UTC
Can you provide captures of this security scan
against samba and against (a patched) Windows?