CVE-2011-0719
samba - missing input sanisiting
EPSS 15.1%
Description
Samba 3.x before 3.3.15, 3.4.x before 3.4.12, and 3.5.x before 3.5.7 does not perform range checks for file descriptors before use of the FD_SET macro, which allows remote attackers to cause a denial of service (stack memory corruption, and infinite loop or daemon crash) by opening a large number of files, related to (1) Winbind or (2) smbd.
How to fix CVE-2011-0719
To remediate CVE-2011-0719, upgrade the affected package to a fixed version below.
- Debian/samba—upgrade to 2:3.5.7~dfsg-1 or later
- Debian/samba—upgrade to 2:3.2.5-4lenny14 or later
Is CVE-2011-0719 being exploited?
Moderate — EPSS is 15.1%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (2)
- from 0, < 2:3.5.7~dfsg-1
- from 0, < 2:3.2.5-4lenny14