Buffer overrun in NSS host lookup Winbind library on Solaris

2007-02-05T00:00:00
ID SAMBA:CVE-2007-0453
Type samba
Reporter Samba
Modified 2007-02-05T00:00:00

Description

NOTE: This security advisory only affects Sun Solaris systems running Samba's winbindd daemon and configured to make use of the nss_winbind.so.1 library for gethostbyname() and getipnodebyname() name resolution queries. For example, ## /etc/nsswitch.conf ... ipnodes: files winbind hosts: files winbind The buffer overrun is caused by copying a string passed into the NSS interface into a static buffer prior to sending the request to the winbindd daemon.