Web lists-archives.com

[Samba] CVE-2008-4250?

Good morning/day/night to all!

After moving all my infrastructure to Debian9, changed my ADDC from Win2K12 to Samba4 scanning my network I found the following:


koratsuki@happyharry:~$ nmap --script smb-vuln-ms08-067.nse -p445 smb-addc.tld

Starting Nmap 7.50 ( https://nmap.org ) at 2018-06-18 08:14 CDT
Nmap scan report for smb-addc.tld
Host is up (0.00073s latency).

445/tcp open  microsoft-ds

Host script results:
| smb-vuln-ms08-067:
|   Microsoft Windows system vulnerable to remote code execution (MS08-067)
|     IDs:  CVE:CVE-2008-4250
| The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, | Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary | code via a crafted RPC request that triggers the overflow during path canonicalization.
|     Disclosure date: 2008-10-23
|     References:
| https://technet.microsoft.com/en-us/library/security/ms08-067.aspx
|_ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4250

Nmap done: 1 IP address (1 host up) scanned in 1.18 seconds


Now, I wonder... Why is happening that? That server is installed with samba 4.8.2, lastest stable release, Debian 9.4, and the compile chain is:

./configure --enable-fhs --prefix=/usr --sysconfdir=/etc --localstatedir=/var --enable-debug --enable-selftest --cross-answers --cross-execute --disable-cups --disable-iprint --sbindir=/usr/sbin --mandir=/usr/share/man -j4 --enable-selftest --without-systemd

I´am doing something wrong or need more stuff in the smb.conf? The smb.conf is using the default config... Can someone point me on the right direction in order to fix this?

Best regards.

* Téc. Leslie León Sinclair
* Administrador de Redes - AzumatHB
* Another happy Slackware & Debian GNU/Linux user
* Blog: https://admlinux.cubava.cu
* Proud GNU/Linux User #445535
* ☎ +49-170-7683042

To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba