SERVER-SAMBA -- Snort has detected traffic exploiting vulnerabilities in Samba servers.
SERVER-SAMBA Samba spoolss denial of service attempt
This event is generated when an attacker attempts to exploit a denial of service vulnerability present in the Samba spoolss service.
Detection of a Denial of Service Attack
Rule checks for an attempt to trigger a denial of service vulnerability present in the Samba spoolss service.
Ease of Attack:
What To Look For
No public information
No known false positives
Cisco Talos Intelligence Group
MITRE ATT&CK Framework
For reference, see the MITRE ATT&CK vulnerability types here:
CVE Additional Information
CVE-2018-1050All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spoolss service is configured to be run as an external daemon. Missing input sanitization checks on some of the input parameters to spoolss RPC calls could cause the print spooler service to crash.
||Ease of Access||