We run security scans with a greenbone.net system, which is basically an OpenVAS.org appliance. OpenVAS reports the following security problem against the samba WINS server:

Microsoft Windows WINS Remote Code Execution Vulnerability (2524426)
http://www.securityspace.com/smysecure/catid.html?id=1.3.6.1.4.1.25623.1.0.802260

The detection is done by checking the remote banner with this plugin:
http://plugins.openvas.org/nasl.php?oid=802260

My first idea is that the samba banner needs to be updated to the updated one, but I'm not sure you agree.

Andrew answered this report on the mailing list:

"It isn't a banner issue, it is a difference in behaviour when sending a padded packet. We need a test written showing that we don't match modern windows here, and then the Samba server patched to match. You can file a bug, but this area hasn't had interest for a very long time, so unless these items are included in a patch, I don't think a false-positive OpenVAS report will get very far. Sorry, Andrew Bartlett"
https://lists.samba.org/archive/samba/2016-December/205492.html

Maybe somebody has time and knowledge to fix it. Thank you.

Can you provide captures of this security scan against samba and against (a patched) Windows?