Samba WINS Hook Vulnerability

CRITICAL (10.0)

Threat Intelligence

⚠️ CRITICAL GAP - Exploits exist but no detection available
EPSS Score: 0.36% chance of exploitation (percentile: 57%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: GitHub PoC


What is it?

Samba is a popular open-source implementation of the SMB/CIFS protocol, commonly used for file and printer sharing. The vulnerability in question occurs when NetBIOS names from registration packets are passed to a shell without proper validation or escaping, allowing an unauthenticated network attacker to achieve remote command execution as the Samba process.
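The pattern described above, as an added example in C (not Samba's code and not taken from the advisory): a name pasted into a shell command string, beside a hardened path that validates the name and passes it as a single argv element. The hook path, the `add` argument layout and the conservative allowlist are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

#define NETBIOS_NAME_MAX 15 /* 16-byte name field: 15 characters plus a type byte */

/* Conservative allowlist (assumption): 1..15 ASCII letters, digits, '-' or '_'. */
int netbios_name_is_safe(const char *name)
{
    if (name == NULL || name[0] == '\0' || name[0] == '-') /* '-' would read as an option */
        return 0;
    for (size_t i = 0; name[i] != '\0'; i++) {
        char c = name[i];
        int ok = (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') ||
                 (c >= '0' && c <= '9') || c == '-' || c == '_';
        if (!ok || i >= NETBIOS_NAME_MAX)
            return 0;
    }
    return 1;
}

/* Unsafe pattern, for contrast: the name lands in a string that a shell would
 * parse, so any metacharacter in it becomes shell syntax. Never run the result. */
int format_hook_command_unsafe(char *out, size_t outlen, const char *hook, const char *name)
{
    return snprintf(out, outlen, "%s add %s", hook, name);
}

/* Hardened pattern: validate, then hand the name over as one argv element for
 * execv()-style execution, where no shell parses it.
 * Returns 0 and fills argv (NULL-terminated) on success, -1 on rejection. */
int build_hook_argv(const char *hook, const char *name, const char *argv[4])
{
    if (hook == NULL || !netbios_name_is_safe(name))
        return -1;
    argv[0] = hook;
    argv[1] = "add";
    argv[2] = name;
    argv[3] = NULL;
    return 0;
}

int main(void)
{
    const char *argv[4];
    const char *names[] = { "FILESRV01", "A;B" }; /* constructed sample names */
    for (size_t i = 0; i < 2; i++)
        printf("%-10s -> %s\n", names[i],
               build_hook_argv("/usr/local/bin/wins-hook", names[i], argv) == 0 ? "argv[2]" : "rejected");
    return 0;
}
```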

Am I affected?

You're affected if you use Samba. Specific version info is not stated in the advisory. If you don't recognise this software, you're probably not affected.

How to fix

  1. Upgrade to Samba 4.15.0-SECU-2 or later from the official Red Hat repository (https://access.redhat.com/solutions/SCC_2025-10230).
  2. Immediate mitigations:
     - Restrict network access to your Samba instance (firewall it from the public internet)
     - Audit admin account activity for suspicious access patterns
     - Monitor for unauthorized token creation