Lucene search

K
gentooGentoo FoundationGLSA-200712-10
HistoryDec 10, 2007 - 12:00 a.m.

Samba: Execution of arbitrary code

2007-12-1000:00:00
Gentoo Foundation
security.gentoo.org
22
samba
boundary checking
code execution
buffer overflow
domain logon
privilege escalation
gentoo
workaround
resolution

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

8.1

Confidence

High

EPSS

0.972

Percentile

99.9%

Background

Samba is a suite of SMB and CIFS client/server programs for UNIX.

Description

Alin Rad Pop (Secunia Research) discovered a boundary checking error in the send_mailslot() function which could lead to a stack-based buffer overflow.

Impact

A remote attacker could send a specially crafted β€œSAMLOGON” domain logon packet, possibly leading to the execution of arbitrary code with elevated privileges. Note that this vulnerability is exploitable only when domain logon support is enabled in Samba, which is not the case in Gentoo’s default configuration.

Workaround

Disable domain logon in Samba by setting "domain logons = no " in the β€œglobal” section of your smb.conf and restart Samba.

Resolution

All Samba users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-fs/samba-3.0.28"
OSVersionArchitecturePackageVersionFilename
Gentooanyallnet-fs/samba<Β 3.0.28UNKNOWN

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

8.1

Confidence

High

EPSS

0.972

Percentile

99.9%