| VID | 23225 |
| Severity | 40 |
| Port | 139 |
| Protocol | TCP |
| Class | Samba |
| Detailed Description |
According to its banner, the version of Samba 3.x running on the remote host is earlier than 3.5.5 / 3.4.9 / 3.3.14. The 'sid_parse()' and related 'dom_sid_parse()' functions in such versions fail to correctly check their input lengths when reading a binary representation of a Windows SID (Security ID).
An attacker who is able to get a connection to a file share, either authenticated or via a guest connection, can leverage this issue to launch a stack buffer overflow attack against the affected smbd service and possibly execute arbitrary code.
* Note: If this check solely relied on the version number of the remote Samba server to assess this vulnerability, then this might be a false positive.
* References: https://bugzilla.samba.org/show_bug.cgi?id=7669 http://www.samba.org/samba/security/CVE-2010-3069.html http://www.samba.org/samba/history/samba-3.5.5.html http://www.samba.org/samba/history/samba-3.4.9.html http://www.samba.org/samba/history/samba-3.3.14.html
* Platforms Affected: Samba Project, Samba versions of 3.x before 3.5.5 / 3.4.9 / 3.3.14; Linux, any version; Unix, any version |
| Recommendation | Upgrade to Samba 3.5.5 / 3.4.9 / 3.3.14 or later, available from the Samba Web site at http://us1.samba.org/samba/ |
| Related URL | CVE-2010-3069 (CVE) |
| Related URL | 43212 (SecurityFocus) |
| Related URL | (ISS) |
|