Samba NDR PULL DFS EnumArray1 Heap Overflow Remote Code Execution Vulnerability

ID ZDI-12-064
Type zdi
Reporter Anonymous
Modified 2012-11-09T00:00:00


This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samba. Authentication is not required to exploit this vulnerability.

The specific flaw exists within Samba's handling of a NDR PULL DFS EnumArray1 request. By sending a specially crafted packet, it is possible to cause Samba to use a different size for memory allocation than it uses for a memory copy loop. This can result in memory corruption, and may be exploited by an attacker to gain remote code execution.