Bug 12481 - WINS and MS11-035: OpenVAS reports security problem against samba
Status: NEEDINFO
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Other
Version: 4.1.14
Hardware: All All
Importance: P5 normal
Target Milestone: ---
Assignee: Andrew Bartlett
QA Contact: Samba QA Contact
Reported: 2016-12-22 12:06 UTC by Noël Köthe
Modified: 2019-07-31 07:46 UTC
Description Noël Köthe 2016-12-22 12:06:54 UTC
We run security scans with a greenbone.net system which is basically an
OpenVAS.org appliance. OpenVAS reports the following security problem against the samba WINS server:

Microsoft Windows WINS Remote Code Execution Vulnerability (2524426)

http://www.securityspace.com/smysecure/catid.html?id=1.3.6.1.4.1.25623.1.0.802260

The detection is done by checking the remote banner with this plugin: http://plugins.openvas.org/nasl.php?oid=802260

My first idea is that the samba banner needs to be updated to the updated one but I'm not sure you agree.

Andrew answered this report on the mailing list:

"It isn't a banner issue, it is a difference in behaviour when sending a
padded packet.  We need a test written showing that we don't match
modern windows here, and then the Samba server patched to match. 

You can file a bug, but this area hasn't had interest for a very long
time, so unless these items are included in a patch, I don't think a
false-positive OpenVAS report will get very far.

Sorry,

Andrew Bartlett"

https://lists.samba.org/archive/samba/2016-December/205492.html

Maybe somebody has time and knowledge to fix it.

Thank you.
Comment 1 Stefan Metzmacher 2016-12-22 14:15:26 UTC
Can you provide captures of this security scan
against samba and against (a patched) Windows?