SAMBA:CVE-2007-4572 (Samba Security)
Nov 15, 2007 - 12:00 a.m.

Stack buffer overflow in nmbd's logon

Samba Security
www.samba.org

CVSS2: 9.3 High (AV:N/AC:M/Au:N/C:C/I:C/A:C)

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE

EPSS: 0.059 Low (Percentile: 93.4%)

Description

Samba developers have discovered what is believed to be
a non-exploitable buffer overflow in nmbd during the processing
of GETDC logon server requests. This code is only used
when the Samba server is configured as a Primary or Backup
Domain Controller.

Patch Availability

A patch addressing this defect has been posted to

http://www.samba.org/samba/security/

Additionally, Samba 3.0.27 has been issued as a security
release to correct the defect.

Workaround

Samba administrators may avoid this security issue by disabling
both the “domain logons” and the “domain master” options in
the server's smb.conf file. Note that this will disable all
domain controller features as well.
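One way to check whether the workaround is in place, as an added example that is not part of the Samba advisory: the Python below parses smb.conf text and reports the state of the two options in [global]. The sample configurations are constructed, and the accepted boolean spellings and the "review" result for unset or "auto" values are assumptions.

```python
import re

# Assumed boolean spellings accepted by Samba; anything else (unset, "auto")
# is reported as "review" rather than treated as safe.
TRUE = {"yes", "true", "on", "1"}
FALSE = {"no", "false", "off", "0"}
OPTIONS = ("domain logons", "domain master")

def _norm(name):
    # Samba ignores case and whitespace in parameter names.
    return re.sub(r"\s+", "", name).lower()

def global_params(text):
    """Return {normalized name: value} from [global]; includes are not followed."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[_norm(key)] = value.strip().lower()
    return params

def audit(text):
    """Map each option to 'disabled', 'enabled' or 'review'."""
    params = global_params(text)
    result = {}
    for opt in OPTIONS:
        value = params.get(_norm(opt))
        state = "disabled" if value in FALSE else "enabled" if value in TRUE else "review"
        result[opt] = state
    return result

def workaround_applied(text):
    """True only when both options are explicitly disabled."""
    return all(state == "disabled" for state in audit(text).values())

# Constructed sample configurations (not taken from the advisory).
DC_CONF = "[global]\n  Domain Logons = Yes\n  domain master = auto\n"
FIXED_CONF = ("[global]\n  domain logons = no\n; domain master = yes\n"
              "  domainmaster = No\n[homes]\n  domain logons = yes\n")

if __name__ == "__main__":
    for name, conf in (("DC_CONF", DC_CONF), ("FIXED_CONF", FIXED_CONF)):
        print(name, audit(conf), "workaround applied:", workaround_applied(conf))
```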

Credits

This vulnerability was discovered by Samba developers during
an internal code audit.

The time line is as follows:

  • Sep 13, 2007: Initial report to [email protected] including
    proposed patch.
  • Sep 14, 2007: Patch review by Josh Bressers
    (RedHat Security Team) and Simo Sorce (Samba/RedHat developer).
  • Nov 15, 2007: Public security advisory made available.

== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
