| VID | 23028 |
| Severity | 40 |
| Port | 139 |
| Protocol | TCP |
| Class | Samba |
| Detailed Description |
According to its version number, the remote Samba server has a bug in the length checking of encrypted password change requests from clients. A client could send an encrypted password that, when decrypted with the old hashed password, overruns a buffer on the stack of smbd. This flaw allows remote attackers to gain root access on the target machine. As of November 2002, this vulnerability has been reported only on some Linux systems.
* Note: This check relies solely on the version of the remote Samba server to assess this vulnerability, so the result may be a false positive.
* Platforms Affected: Samba 2.2.2 ~ 2.2.6; Red Hat Linux 7.3 - i386; Red Hat Linux 8.0 - i386
* References: http://online.securityfocus.com/bid/6210, http://www.iss.net/security_center/static/10683.php |
| Recommendation |
Upgrade to the latest version (2.2.7 or later) of Samba, available from: http://us1.samba.org/samba/ftp/samba-2.2.7.tar.gz |
| Related URL | CVE-2002-1318 (CVE) |
| Related URL | (SecurityFocus) |
| Related URL | (ISS) |