VID 23038
Severity 40
Port 139
Protocol TCP
Class Samba
Detailed Description The Samba server is vulnerable to a buffer overflow in the trans2open function.
Samba is an Open Source/Free Software suite that provides seamless file and print services to SMB/CIFS clients. Samba-TNG was originally a fork of the Samba source tree, and aims at being a substitute for a Windows NT domain controller.
Digital Defense, Inc. has alerted the Samba Team to a serious vulnerability in the Samba SMB/CIFS server. Additional buffer overflows were detected by an internal code audit by the Samba team in response to the original report. These vulnerabilities can lead to an anonymous user gaining root access on a Samba serving system. An exploit for this problem is already circulating and in use.

* References:
http://www.securityfocus.com/archive/1/317615
http://www.digitaldefense.net/labs/advisories.html
http://www.digitaldefense.net/labs/securitytools.html

* Platforms Affected:
Samba prior to 2.2.8a
Samba 2.0 prior to 2.0.10
Samba-TNG prior to 0.3.2
Recommendation Samba version 2.2.8a and Samba-TNG version 0.3.2 are not vulnerable. The only fix for Samba 2.0 is to apply the patches that Samba is providing.

A workaround in the current source code for this specific vulnerability would be to modify the StrnCpy line found at line 250 in smbd/trans2.c in the Samba 2.2.8 source code:

-StrnCpy(fname,pname,namelen);
+StrnCpy(fname,pname,MIN(namelen, sizeof(fname)-1));
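
Review bot: On the + line, sizeof(fname)-1 is only a valid bound if fname is declared as a fixed-size array in the scope of this call; if fname is a pointer there, sizeof yields the pointer size instead of the buffer size, so the declaration should be confirmed alongside this change. The clamp also truncates an over-long name silently, so the request carries on with a different file name than the client sent; rejecting the request when namelen exceeds the buffer would be the safer behaviour. The result of MIN also depends on how namelen compares against the unsigned sizeof value, so the type of namelen is worth checking.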

-- OR --

Upgrade to the latest version of Samba (2.2.8a or later) or Samba-TNG (0.3.2 or later), available from the following sites:
Samba is available for download from: http://www.samba.org/
Samba-TNG is available for download from: http://www.samba-tng.org/

For Red Hat Linux 7.2, 7.3, 8.0, and 9:
Upgrade to the latest Samba package, as listed below. Refer to Red Hat Security Advisory RHSA-2003:137-01 for more information, http://www.redhat.com/support/errata/RHSA-2003-137.html

For SuSE Linux:
Apply the updated Samba package, as listed in SuSE Security Announcement SuSE-SA:2003:025, http://www.securityfocus.com/archive/1/317690

For Mandrake Linux:
Apply the updated Samba package, as listed in Mandrake Security Advisory MDKSA-2003:044, http://www.securityfocus.com/archive/1/317707

For Debian GNU/Linux 2.2, 3.0:
Upgrade to the latest version of Samba, as listed in Debian Security Advisory DSA-280-1, http://www.debian.org/security/2003/dsa-280

For Trustix Secure Linux:
Upgrade to the latest version of Samba (2.2.8a or later), as listed in Trustix Secure Linux Security Advisory TSLSA-2003-0019, http://www.trustix.net/errata/misc/2003/TSL-2003-0019-samba.asc.txt

For other distributions:
Contact your vendor for upgrade or patch information.
Related URL CVE-2003-0196,CVE-2003-0201 (CVE)
Related URL 7294,7295 (SecurityFocus)