Samba vulnerability

ID USN-556-1
Type ubuntu
Reporter Ubuntu
Modified 2007-12-18T00:00:00


Alin Rad Pop discovered that Samba did not correctly check the size of reply packets to mailslot requests. If a server was configured with domain logon enabled, an unauthenticated remote attacker could send a specially crafted domain logon packet and execute arbitrary code or crash the Samba service. By default, domain logon is disabled in Ubuntu.