SERVER-SAMBA -- Snort has detected traffic exploiting vulnerabilities in Samba servers.
SERVER-SAMBA Samba spoolss denial of service attempt
This event is generated when an attacker attempts to exploit a denial of service vulnerability present in the Samba spoolss service. Impact: Detection of a Denial of Service Attack Details: Rule checks for an attempt to trigger a denial of service vulnerability present in the Samba spoolss service. Ease of Attack: Medium
No public information
No known false positives
Cisco Talos Intelligence Group
Tactic:
Technique:
For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org
CVE-2018-1050All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spoolss service is configured to be run as an external daemon. Missing input sanitization checks on some of the input parameters to spoolss RPC calls could cause the print spooler service to crash. |
|