| VID | 23101 |
| Severity | 40 |
| Port | 139 |
| Protocol | TCP |
| Class | Samba |
| Detailed Description |
The Samba server, according to its version number, is affected by a remote buffer overflow vulnerability triggered by malformed ACLs. Samba is an Open Source/Free Software package that provides seamless file and print services to SMB/CIFS clients. Samba versions 2.x and 3.x through 3.0.9 are affected by an integer overflow that occurs when smbd attempts to process requests with excessively large DACLs (directory access control list). The default size of the access control descriptors is approximately 112 bytes. By providing more than 38347922 descriptors in the request, a remote authenticated attacker could cause the multiplied size to overflow the designated integer variable, resulting in an insufficiently sized buffer being created to store the excessive data. This would lead to heap corruption and execution of arbitrary commands on the system with root privileges, or possibly cause a denial of service.
* Note: If this check solely relied on the version number of the remote Samba server to assess this vulnerability, then this might be a false positive.
* References: http://www.securityfocus.com/archive/1/384648 http://www.idefense.com/application/poi/display?id=165&type=vulnerabilities
* Platforms Affected: Samba Project Samba 2.x; Samba Project Samba versions 3.0.x through 3.0.9; Linux, any version; Unix, any version |
| Recommendation |
For Samba 3.0.9: Apply the samba-3.0.9-CAN-2004-1154 patch for this vulnerability, available from the Samba FTP Security Patch site at http://us1.samba.org/samba/ftp/patches/security/
Upgrade to the new version of Samba (3.0.10 or later), when a new version that fixes this problem becomes available, from the Samba Web site at http://samba.org/samba/samba.html |
| Related URL | CVE-2004-1154 (CVE) |
| Related URL | 11973 (SecurityFocus) |
| Related URL | 18519 (ISS) |
|
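
The size calculation described in the Detailed Description, shown as an added example (this is not Samba's code and not part of the original entry): an unchecked 32-bit multiplication next to a checked one. The 112-byte descriptor size and the 38347922 threshold come from the description; the function names and the assumption that the descriptors must fit in the request body are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Per-descriptor size quoted in the description ("approximately 112 bytes"). */
#define DESC_SIZE 112u

/* Unchecked pattern: the product is silently reduced modulo 2^32, so a
 * large count yields a small allocation size. */
static uint32_t alloc_size_unchecked(uint32_t count)
{
    return count * DESC_SIZE;
}

/* Checked pattern (hypothetical helper): refuse any count whose product
 * would not fit in 32 bits, and any count that claims more descriptor
 * data than the request actually carries (assumption: descriptors are
 * sent in the request body). */
static bool alloc_size_checked(uint32_t count, size_t request_len, size_t *out)
{
    if (count > UINT32_MAX / DESC_SIZE)
        return false;                       /* multiplication would wrap */
    size_t need = (size_t)count * DESC_SIZE;
    if (need > request_len)
        return false;                       /* count exceeds supplied data */
    *out = need;
    return true;
}

int main(void)
{
    /* Constructed sample counts around the threshold named in the entry. */
    const uint32_t counts[] = { 3u, 38347922u, 38347923u };
    for (size_t i = 0; i < sizeof counts / sizeof counts[0]; i++) {
        size_t need = 0;
        /* 4096 is a constructed request length for illustration. */
        bool ok = alloc_size_checked(counts[i], 4096, &need);
        printf("count=%u unchecked=%u checked=%s\n",
               (unsigned)counts[i],
               (unsigned)alloc_size_unchecked(counts[i]),
               ok ? "accepted" : "rejected");
    }
    return 0;
}
```
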