In association with heise online

29 May 2008, 15:13

Samba vulnerable to malicious code injection

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Security service provider Secunia has reported the discovery of a vulnerability in the Samba open source file and print server. A buffer overflow allows attackers to inject arbitrary code. To accomplish the code injection, users of Samba must be convinced to follow a link on a web page or in an email – such as an smb:// link – that points to a crafted Samba server. Manipulated packets sent to the server can also provoke the buffer overflow.

The flaw is in the client code, but according to the Samba advisory, as the smbd server process also acts as a client for some transactions, both client and server installations are affected. Due to inadequate buffer size allocation by the receive_smb_raw() function in file lib/util_sock.c, large SMB packets can provoke a heap-based buffer overflow. Arbitrary injected code can thereby be executed. The vulnerability can be exploited if the nmbd server is configured as a local or domain master browser receives crafted packets.

The flaw affects Samba 3.0.28a and 3.0.29. Secunia also assumes that previous versions are vulnerable. According to the security advisory, a patch will soon be released, as will the patched version 3.0.30. Linux distributors can also be expected to begin distributing new packages soon. Administrators of Samba installations should install these updates as soon as possible.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit