Users login

Create an account »


Users login

Home » Hacking News » Immunix 2003-7+003-01: samba buffer overrun

Immunix 2003-7+003-01: samba buffer overrun

by Nikola Strahija on April 2nd, 2003 A buffer overrun condition has been found in the SMB/CIFS packet fragment re-assembly code of the smbd Samba, which can allow remote attacker to gain root privileges.

Immunix Secured OS Security Advisory

Packages updated: samba
Affected products: ImmunixOS 6.2, 7.0, 7
Bugs fixed: CAN-2003-0085
Date: Mon Mar 31 2003
Advisory ID: IMNX-2003-7+003-01
Author: Seth Arnold

Quoting from the Samba security advisory:
The SuSE security audit team, in particular Sebastian Krahmer
, has found a flaw in the Samba main smbd code which could allow an external attacker to remotely and anonymously gain Super User (root) privileges on a server running a Samba server.
in more detail:
A buffer overrun condition exists in the SMB/CIFS packet fragment
re-assembly code in smbd which would allow an attacker to cause smbd to overwrite arbitrary areas of memory in its own process address
space. This could allow a skilled attacker to inject binary specific
exploit code into smbd.
The patch was prepared by "Jeremy Allison and reviewed by engineers
from the Samba Team, SuSE, HP, SGI, Apple, and the Linux vendor
engineers on the Linux Vendor security mailing list."

We would like to thank Jay Fenlason at Red Hat for separating the
security-critical portions of the patch apart from the rest of the
Samba-supplied fix.


Package names and locations:
Precompiled binary packages for Immunix 7 are available at:﵊嵪힬ﴓ챋﬚馶2.0.10-2_imnx_2.i386.rpm﵊嵪힬ﴓ챋﬚馶client-2.0.10-2_imnx_2.i386.rpm﵊嵪힬ﴓ챋﬚馶common-2.0.10-2_imnx_2.i386.rpm

Immunix OS 7 md5sums:
a74de332ef912b659dee405e996682b9 samba-2.0.10-2_imnx_2.i386.rpm
0ea784704399dd90280766d378cbf410 samba-client-2.0.10-2_imnx_2.i386.rpm
2c206898ffed86f63eb1c96bf8b542c2 samba-common-2.0.10-2_imnx_2.i386.rpm

GPG verification:
Our public key is available at

Ibiblio is graciously mirroring our updates, so if the links above are
slow, please try:
or one of the many mirrors available at:

ImmunixOS 6.2 is no longer officially supported.
ImmunixOS 7.0 is no longer officially supported.

Contact information:
To report vulnerabilities, please contact [email protected] WireX
attempts to conform to the RFP vulnerability disclosure protocol

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.


Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »