The Samba-Bugzilla – Bug 12481
WINS and MS11-035: OpenVAS reports security problem against samba
Last modified: 2016-12-22 14:15:26 UTC
We run security scans with a greenbone.net system which is basically a
OpenVAS.org appliance. OpenVAS reports the following security problem against the samba WINS server:
Microsoft Windows WINS Remote Code Execution Vulnerability (2524426)
The detection is done by checking the remote banner with this plugin: http://plugins.openvas.org/nasl.php?oid=802260
My first idea is that the samba banner needs to be updated to the updated one but I'm not sure you agree.
Andrew answered me to this report on the mailinglist:
"It isn't a banner issue, it is a difference in behaviour when sending a
padded packet. We need a test written showing that we don't match
modern windows here, and then the Samba server patched to match.
You can file a bug, but this area hasn't had interest for a very long
time, so unless these items are included in a patch, I don't think a
false-positive OpenVAS report will get very far.
Maybe somebody has time and knowledge to fix it.
Can you provide captures of this security scan
against samba and against (a patched) Windows?