samba - buffer overflow

2007-12-1000:00:00

Google

osv.dev

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

JSON

Alin Rad Pop discovered that Samba, a LanManager-like file and printer server
for Unix, is vulnerable to a buffer overflow in the nmbd code which handles
GETDC mailslot requests, which might lead to the execution of arbitrary code.

For the old stable distribution (sarge), this problem has been fixed in version
3.0.14a-3sarge11. Packages for m68k will be provided later.

For the stable distribution (etch), this problem has been fixed in version
3.0.24-6etch9.

For the unstable distribution (sid), this problem will be fixed soon.

We recommend that you upgrade your samba packages.

CPENameOperatorVersion
sambaeq3.0.14a-3sarge4
sambaeq3.0.14a-3sarge8
sambaeq3.0.14a-3sarge1
sambaeq3.0.14a-3sarge6
sambaeq3.0.14a-3
sambaeq3.0.14a-3sarge3
sambaeq3.0.14a-3sarge7
sambaeq3.0.14a-3sarge10
sambaeq3.0.14a-3sarge2
sambaeq3.0.14a-3sarge9

Name	Operator	Version
samba	eq	3.0.14a-3sarge4
samba	eq	3.0.14a-3sarge8
samba	eq	3.0.14a-3sarge1
samba	eq	3.0.14a-3sarge6
samba	eq	3.0.14a-3
samba	eq	3.0.14a-3sarge3
samba	eq	3.0.14a-3sarge7
samba	eq	3.0.14a-3sarge10
samba	eq	3.0.14a-3sarge2
samba	eq	3.0.14a-3sarge9