7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.915 High
EPSS
Percentile
98.9%
All current released versions of Samba are vulnerable to
a buffer overrun vulnerability. The sid_parse() function
(and related dom_sid_parse() function in the source4 code)
do not correctly check their input lengths when reading a
binary representation of a Windows SID (Security ID). This
allows a malicious client to send a sid that can overflow
the stack variable that is being used to store the SID in the
Samba smbd server.
A connection to a file share is needed to exploit this
vulnerability, either authenticated or unauthenticated
(guest connection).
A patch addressing this defect has been posted to
http://www.samba.org/samba/security/
Additionally, Samba 3.5.5 has been issued as security release to correct the
defect. Patches against older Samba versions are available at
http://samba.org/samba/patches/. Samba administrators running affected
versions are advised to upgrade to 3.5.5 or apply the patch as soon
as possible.
None.
This problem was found by an internal audit of the Samba code by
Andrew Bartlett of Cisco. Thanks to Andrew for his careful code
review.