In association with heise online

11 December 2007, 10:43

Vulnerability closed in Samba file and printer server

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

The developers of Samba have released a new version of their open source file and printer server to close a vulnerability. According to the security advisory, specially crafted packets sent to the server can be used to inject code via the LAN and execute it with the server's rights. The flaw is caused by a buffer overflow in the nmb service's function send_mailslot. A SAMLOGON domain logon packet can then be used to provoke an overflow if the username is at a critical position followed by a very long GETDC request.

The attack only works if the option domain logons = yes is set, which is generally only the case if Samba is working as a domain controller. The flaw affects all versions of Samba from 3.0.0 up to and including 3.0.27a. The hole has been closed in version 3.0.28. Users can also set the option to domain logons = no. As recently as mid-November, version 3.0.27a remedied a security hole related to domain logins.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit