This vulnerability is marked as RESERVED by NVD. This means that the CVE-ID is reserved for future use by the CVE Numbering Authority (CNA) or a security researcher, but its details are not yet publicly available.
This page will reflect the classification results once they are available through NVD.
Any available vendor information is shown below.
samba: Command Injection in WINS Server Hook Script
The mitigation is to disable the vulnerable configuration: remove the wins hook parameter from smb.conf or leave it empty, and ensure that wins support is set to no on all Domain Controllers. Because the issue only affects Samba when both WINS support and the hook are enabled, disabling these options prevents exploitation. Administrators should also restrict external access to UDP port 137 to trusted networks.
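One way to check a host against this mitigation is sketched below. It is an added example, not code from Samba or from the vendor advisory. The function name `audit_wins_hook`, the sample configuration and the hook path in it are constructed for illustration. The script reads only the `[global]` section of the file it is given and does not follow `include` directives or backslash line continuations.

```shell
#!/bin/sh
# Classify an smb.conf against the mitigation described above.
# Prints one of:
#   exposed   - wins support enabled AND wins hook non-empty (the affected combination)
#   partial   - only one of the two is set; the mitigation asks for both to be off
#   mitigated - wins support off/absent and wins hook empty/absent
audit_wins_hook() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t\r]+$/, "", s); return s }
    /^[ \t]*[#;]/ { next }                       # smb.conf comment lines
    /^[ \t]*\[/ {                                # section header
        in_global = (tolower(trim($0)) == "[global]"); next
    }
    in_global && index($0, "=") {
        eq  = index($0, "=")
        key = tolower(substr($0, 1, eq - 1))
        gsub(/[ \t]/, "", key)                   # parameter names ignore case and spaces
        val = trim(substr($0, eq + 1))
        if (key == "winshook")    hook = val     # last assignment wins
        if (key == "winssupport") support = tolower(val)
    }
    END {
        wins_on = (support ~ /^(yes|true|on|1)$/)
        if (wins_on && hook != "")      print "exposed"
        else if (wins_on || hook != "") print "partial"
        else                            print "mitigated"
    }' "$1"
}

# Constructed sample configuration (not taken from any real host).
sample=$(mktemp)
cat > "$sample" <<'EOF'
[global]
   workgroup = EXAMPLE
   WINS Support = Yes
   wins hook = /usr/local/bin/dns_update
EOF
echo "sample config: $(audit_wins_hook "$sample")"
rm -f "$sample"
```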
Command injection via WINS server hook script
Name | Vendor | Version |
---|---|---|
Samba | Ubuntu/devel | TBD |
Samba | Ubuntu/esm-infra/focal | TBD |
Samba | Ubuntu/esm-infra/xenial | TBD |
Samba | Ubuntu/noble | 2:4.19.5+dfsg-4ubuntu9.4 |
Samba | Ubuntu/questing | 2:4.22.3+dfsg-4ubuntu2.1 |
Samba | Ubuntu/upstream | TBD |
Samba | Ubuntu/esm-infra-legacy/trusty | TBD |
Samba | Ubuntu/esm-infra/bionic | TBD |
Samba | Ubuntu/jammy | 2:4.15.13+dfsg-0ubuntu1.10 |
Samba | Ubuntu/plucky | 2:4.21.4+dfsg-1ubuntu3.5 |