Samba ASN.1 Parsing Function Malformed Request DoS

2004-09-13T00:00:00
ID OSVDB:9916
Type osvdb
Reporter iDEFENSE (idlabs-advisories@idefense.com)
Modified 2004-09-13T00:00:00

Description

Vulnerability Description

Samba contains a flaw that may allow a remote denial of service. The issue is triggered in the ASN.1 parsing routine when an attacker sends specially crafted packets to the smbd daemon, causing many processes to spawn and resulting in a loss of availability for the platform.

Solution Description

Upgrade to version 3.0.7 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor Specific Advisory URL
Security Tracker: 1011223
Secunia Advisory ID: 12517
Secunia Advisory ID: 12829
Secunia Advisory ID: 12631
Secunia Advisory ID: 13429
Secunia Advisory ID: 12516
Secunia Advisory ID: 12518
RedHat RHSA: RHSA-2004:467
Other Advisory URL: http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000873
Other Advisory URL: ftp://patches.sgi.com/support/free/security/advisories/20041201-01-P.asc
Other Advisory URL: http://security.gentoo.org/glsa/glsa-200409-16.xml
Other Advisory URL: http://www.idefense.com/application/poi/display?id=139&type=vulnerabilities&flashstatus=true
Nessus Plugin ID: 14711
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-09/0108.html
CVE-2004-0807
Bugtraq ID: 11156