In association with heise online

16 November 2007, 11:15

Samba vulnerabilities fixed


The developers of the open-source Samba server have released version 3.0.27 to fix vulnerabilities that allowed attackers on the local network to inject specially crafted code into the server. Both holes were in the nmbd component of the server.

One of the vulnerabilities can be exploited if WINS support is activated via the wins support parameter in smb.conf. According to Secunia, attackers can exploit a boundary error within the reply_netbios_packet() function to cause a buffer overflow by sending multiple specially crafted name registration requests followed by name query requests. The buffer overflow can then be exploited to execute injected code.

Another buffer overflow can be triggered via specially crafted GETDC logon server requests when Samba is set up as a domain controller. The Samba developers have not released any details about this vulnerability but consider it unexploitable for attackers.

Samba versions 3.0.0 to 3.0.26a are affected. Administrators should update their Samba installations as soon as possible. Linux distributors are expected to release fixed Samba packages in the near future.
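
For administrators triaging hosts before the update, the following added example (not part of the original article or of Samba) checks a version string against the affected range and reads the [global] section of smb.conf for the two configurations named above. It assumes that "domain logons = yes" is what marks a domain controller; the sample configuration is constructed.

```python
import re

# Constructed sample smb.conf for this example (not from the article).
SAMPLE_CONF = """\
[global]
   ; this host is the WINS server
   WINS Support = Yes
   domain logons = no
[public]
   wins support = no
"""

# smb.conf parameter (normalised) -> the nmbd flaw it exposes, per the article.
# "domain logons" as the domain-controller marker is an assumption of this example.
TRIGGERS = {
    "winssupport": "WINS: overflow in reply_netbios_packet()",
    "domainlogons": "domain controller: GETDC logon request overflow",
}

def parse_version(text):
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)([a-z]?)", text.strip())
    if not m:
        raise ValueError(f"unrecognised Samba version: {text!r}")
    return (int(m[1]), int(m[2]), int(m[3]), m[4])

def is_affected(version):
    # Affected range from the article: 3.0.0 to 3.0.26a; 3.0.27 carries the fix.
    return (3, 0, 0, "") <= parse_version(version) <= (3, 0, 26, "a")

def global_params(conf_text):
    """Collect [global] settings; smb.conf ignores case and spaces in names."""
    params, section = {}, None
    joined = re.sub(r"\\\r?\n", "", conf_text)  # fold backslash continuations
    for raw in joined.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            params["".join(name.split()).lower()] = value.strip().lower()
    return params

def exposure(version, conf_text):
    params = global_params(conf_text) if is_affected(version) else {}
    return [why for key, why in TRIGGERS.items()
            if params.get(key) in ("yes", "true", "1")]
```

Distribution packages may carry the fix under an older upstream version string, so a match on the version range should be confirmed against the vendor's advisory.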
