Samba Fragment Reassembly Overflow

2003-07-27T12:00:00
ID OSVDB:6323
Type osvdb
Reporter Sebastian Krahmer (krahmer@suse.de)
Modified 2003-07-27T12:00:00

Description

Vulnerability Description

A remote buffer overflow exists in Samba. The service fails to check a length field inside the request before using that length in a memcpy() operation, resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code to be executed with super-user privileges, resulting in a loss of confidentiality and integrity.
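The class of check described above, shown as an added example that is not Samba's code and not part of the original advisory: a reassembly routine that validates a peer-supplied length before the memcpy(). The wire format (2-byte length prefix), the buffer size and all names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define REASM_MAX 1024            /* assumed reassembly buffer capacity */
enum { FRAG_OK = 0, FRAG_TRUNCATED = -1, FRAG_TOO_LARGE = -2 };

struct reasm {
    uint8_t buf[REASM_MAX];
    size_t  used;                 /* bytes reassembled so far */
};

/* Constructed wire format: 2-byte big-endian length, then the payload. */
int reasm_add(struct reasm *r, const uint8_t *pkt, size_t pkt_len)
{
    if (pkt_len < 2)
        return FRAG_TRUNCATED;
    size_t claimed = ((size_t)pkt[0] << 8) | pkt[1];
    /* The claimed length must not exceed the bytes actually received. */
    if (claimed > pkt_len - 2)
        return FRAG_TRUNCATED;
    /* It must also fit the space left; the advisory describes a length
       used in memcpy() without such a check. Subtraction cannot wrap. */
    if (r->used > sizeof r->buf || claimed > sizeof r->buf - r->used)
        return FRAG_TOO_LARGE;
    memcpy(r->buf + r->used, pkt + 2, claimed);
    r->used += claimed;
    return FRAG_OK;
}

/* Feed one constructed fragment that claims `claimed` bytes but carries
   `sent` bytes (at most 65535) into a buffer holding `prefill` bytes. */
int demo(size_t prefill, uint16_t claimed, size_t sent)
{
    static uint8_t pkt[2 + 65535];
    struct reasm r = { .used = prefill };
    pkt[0] = (uint8_t)(claimed >> 8);
    pkt[1] = (uint8_t)(claimed & 0xff);
    memset(pkt + 2, 'A', sent);
    return reasm_add(&r, pkt, 2 + sent);
}

int main(void)
{
    printf("fits=%d overflow=%d short=%d\n",
           demo(0, 100, 100), demo(1000, 25, 25), demo(0, 500, 10));
    return 0;
}
```

Both checks are needed: the first rejects a length larger than the data received, the second rejects a length larger than the destination has room for.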

Solution Description

Upgrade to version 2.2.7a or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Secunia Advisory ID: 8299
ISS X-Force ID: 12749
ISS X-Force ID: 11550
Generic Exploit URL: http://www.securiteam.com/exploits/5TP0M2AAKS.html
CVE-2003-0085
CERT VU: 298233
Bugtraq ID: 7106