The host has Samba installed and is prone to Security Bypass Vulnerability.

When dos filemode is set to yes in the smb.conf, attackers can exploit this issue to bypass certain security restrictions and compromise a user's system. Impact Level: System

Upgrade to 3.3.6 of Samba, http://us3.samba.org/samba/ ****************************************************************************** Note: This may be a false positive as the package version is only being checked. Each operating system vendor might have shipped Samba with backported versions. ******************************************************************************

The flaw is due to uninitialised memory access error in 'smbd' when denying attempts to modify a restricted access control list. This can be exploited to modify the ACL of an already writable file without required permissions.

Samba 3.0.0 before 3.0.35 on Linux. Samba 3.1.x on Linux. Samba 3.2.4 before 3.2.13 on Linux. Samba 3.3.0 before 3.3.6 on Linux.

• http://secunia.com/advisories/35539
• http://www.vupen.com/english/advisories/2009/1664

---

Updated on 2015-03-25