| VID | 23081 |
| Severity | 40 |
| Port | 139 |
| Protocol | TCP |
| Class | Samba |
| Detailed Description |
The Samba server, according to its version number, may be vulnerable to a buffer overflow involving the 'mangling method' option. Samba 2.2.x to 2.2.9 and 3.0.0 to 3.0.4 are vulnerable to a buffer overflow attack when the "mangling method = hash" option is enabled in smb.conf (which is not the case by default). A remote attacker could use this flaw to execute arbitrary code on the affected host.
* Note: If this check relied solely on the version number of the remote Samba server to assess this vulnerability, this finding might be a false positive. The default setting for the 'mangling method' option is 'mangling method = hash2', so a server with the default configuration is not vulnerable.
* References:
  http://marc.theaimsgroup.com/?l=bugtraq&m=109052647928375&w=2
  http://marc.theaimsgroup.com/?l=bugtraq&m=109053195818351&w=2
  http://marc.theaimsgroup.com/?l=bugtraq&m=109051340810458&w=2
* Platforms Affected: Samba 2.2.x to 2.2.9; Samba 3.0.0 to 3.0.4; Linux Any version; UNIX Any version |
| Recommendation |
Upgrade to the latest version of Samba (3.0.5 or 2.2.10 or later), available from the Samba Web site at http://samba.org/samba/samba.html
For Red Hat Linux: Upgrade to the latest version of samba, as listed in Red Hat Security Advisory RHSA-2004:259-23 at http://www.redhat.com/support/errata/RHSA-2004-259.html
For Conectiva Linux: Upgrade to the latest samba package by referring to Conectiva Linux Security Announcement CLSA-2004:851 at http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000851
For other distributions: Contact your vendor for patch or upgrade information. |
| Related URL | CVE-2004-0686 (CVE) |
| Related URL | 10781 (SecurityFocus) |
| Related URL | (ISS) |