Hello Samba, I'm running 4.2.14 (yes, will update;-) ) as a DC. In our network we run security scans with a greenbone.net system which is basically a OpenVAS.org appliance. OpenVAS reports the following security problem against the samba wins server: Microsoft Windows WINS Remote Code Execution Vulnerability (2524426) http://www.securityspace.com/smysecure/catid.html?id=1.3.6.1.4.1.25623.1.0.802260 The detection is done by checking the remote banner with this plugin: http://plugins.openvas.org/nasl.php?oid=802260 My first idea is that the samba banner needs to be updated to the updated one but I'm not sure you agree. Should I report this in the samba bugzilla? Thank you. -- Noël Köthe <noel debian.org> Debian GNU/Linux, www.debian.org -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: This is a digitally signed message part URL: <http://lists.samba.org/pipermail/samba/attachments/20161220/85d87d0e/signature.sig>
On Tue, 2016-12-20 at 10:58 +0100, Noël Köthe via samba wrote:> Hello Samba, > > I'm running 4.2.14 (yes, will update;-) ) as a DC. In our network we > run security scans with a greenbone.net system which is basically a > OpenVAS.org appliance. > OpenVAS reports the following security problem against the samba wins > server: > > Microsoft Windows WINS Remote Code Execution Vulnerability (2524426) > > http://www.securityspace.com/smysecure/catid.html?id=1.3.6.1.4.1.2562 > 3.1.0.802260 > > The detection is done by checking the remote banner with this plugin: > http://plugins.openvas.org/nasl.php?oid=802260 > > My first idea is that the samba banner needs to be updated to the > updated one but I'm not sure you agree. > > Should I report this in the samba bugzilla?It isn't a banner issue, it is a difference in behaviour when sending a padded packet. We need a test written showing that we don't match modern windows here, and then the Samba server patched to match. You can file a bug, but this area hasn't had interest for a very long time, so unless these items are included in a patch, I don't think a false-positive OpenVAS report will get very far. Sorry, Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
Hello Andrew, Am Mittwoch, den 21.12.2016, 07:49 +1300 schrieb Andrew Bartlett:> > OpenVAS reports the following security problem against the samba > > wins server: > > > > Microsoft Windows WINS Remote Code Execution Vulnerability > > (2524426) > > It isn't a banner issue, it is a difference in behaviour when sending > a padded packet. We need a test written showing that we don't match > modern windows here, and then the Samba server patched to match. > > You can file a bug, but this area hasn't had interest for a very long > time, so unless these items are included in a patch, I don't think a > false-positive OpenVAS report will get very far.Thanks for your answer. I submitted it https://bugzilla.samba.org/show_bug.cgi?id=12481 and with the CC: to greenbone, maybe they will change something on the plugin for this. thx again. Regards Noël -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: This is a digitally signed message part URL: <http://lists.samba.org/pipermail/samba/attachments/20161222/a28ae26d/signature.sig>