Samba ndr_pull_dfs_Info3 Heap Overflow Remote Code Execution Vulnerability

ID ZDI-12-061
Type zdi
Reporter Anonymous
Modified 2012-11-09T00:00:00


This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samba. Authentication is not required to exploit this vulnerability.

The specific flaw exists within Samba's handling of an NDR PULL DFS INFO3 request. A specially crafted packet can cause Samba to use one size for a memory allocation and a different size for a memory copy loop. This can result in memory corruption, and may be exploited by an attacker to gain remote code execution.
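
The class of flaw described above, shown from the defensive side as an added example (it is not Samba's code and does not come from the advisory): a decoder that rejects a message unless the count used for allocation and the count used for the copy loop agree. The wire layout, function names, error codes and the 1024-element limit are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical wire layout (constructed for illustration, not Samba's NDR):
 *   u32 alloc_count | u32 copy_count | copy_count x u32 elements, little-endian.
 * A decoder that sizes the buffer from alloc_count but loops copy_count times
 * writes past the heap allocation whenever copy_count > alloc_count. */
enum { PULL_OK = 0, PULL_TRUNCATED = -1, PULL_MISMATCH = -2, PULL_TOO_LARGE = -3, PULL_NOMEM = -4 };
#define MAX_ELEMS 1024u /* assumed policy limit */

static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Hardened decode: one validated count drives both allocation and copy. */
int pull_array_checked(const uint8_t *buf, size_t len, uint32_t **out, uint32_t *out_n) {
    if (len < 8) return PULL_TRUNCATED;
    uint32_t alloc_count = rd32(buf), copy_count = rd32(buf + 4);
    if (alloc_count != copy_count) return PULL_MISMATCH;   /* the two sizes must agree */
    if (copy_count > MAX_ELEMS) return PULL_TOO_LARGE;      /* bound before multiplying */
    if ((len - 8) / 4 < copy_count) return PULL_TRUNCATED;  /* source must hold every element */
    uint32_t *a = calloc(copy_count ? copy_count : 1, sizeof *a);
    if (!a) return PULL_NOMEM;
    for (uint32_t i = 0; i < copy_count; i++)
        a[i] = rd32(buf + 8 + 4 * (size_t)i);
    *out = a;
    *out_n = copy_count;
    return PULL_OK;
}

/* Constructed sample messages. */
static const uint8_t msg_ok[] = {2,0,0,0, 2,0,0,0, 0x11,0,0,0, 0x22,0,0,0};
static const uint8_t msg_mismatch[] = {1,0,0,0, 4,0,0,0, 0x11,0,0,0, 0x22,0,0,0, 0x33,0,0,0, 0x44,0,0,0};

int main(void) {
    uint32_t *v = NULL, n = 0;
    int rc = pull_array_checked(msg_ok, sizeof msg_ok, &v, &n);
    printf("well-formed: rc=%d n=%u\n", rc, (unsigned)n);
    if (rc == PULL_OK) free(v);
    rc = pull_array_checked(msg_mismatch, sizeof msg_mismatch, &v, &n);
    printf("count mismatch: rc=%d\n", rc);
    return 0;
}
```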