Rule Category

SERVER-SAMBA -- Snort has detected traffic exploiting vulnerabilities in Samba servers.

Alert Message

SERVER-SAMBA Samba spoolss denial of service attempt

Rule Explanation

This event is generated when an attacker attempts to exploit a denial of service vulnerability present in the Samba spoolss service.

Impact: Detection of a Denial of Service Attack

Details: Rule checks for an attempt to trigger a denial of service vulnerability present in the Samba spoolss service.

Ease of Attack: Medium

What To Look For

Known Usage

No public information

False Positives

No known false positives

Contributors

Cisco Talos Intelligence Group

MITRE ATT&CK Framework

Tactic:

Technique:

For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org

CVE

Additional Links

CVE Additional Information

CVE-2018-1050
All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spoolss service is configured to be run as an external daemon. Missing input sanitization checks on some of the input parameters to spoolss RPC calls could cause the print spooler service to crash.