Samba Password Field Remote Overflow

1997-09-01T00:00:00
ID OSVDB:11521
Type osvdb
Reporter OSVDB
Modified 1997-09-01T00:00:00

Description

Vulnerability Description

A remote overflow exists in Samba. The NetBIOS service fails to validate the user-supplied password string, resulting in a buffer overflow. With a specially crafted request, an attacker can execute arbitrary code, resulting in a loss of integrity.

Solution Description

Upgrade to version 1.9.17p2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor Specific Advisory URL
Packet Storm: http://packetstormsecurity.org/Exploit_Code_Archive/samba_exploit.txt
Other Advisory URL: http://www.cert.org/vendor_bulletins/VB-97.10.samba
ISS X-Force ID: 337
CVE-1999-0182
CIAC Advisory: h-110
Bugtraq ID: 1816