Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Immunix IMNX-2003-7+-006-01: samba buffer overflow

Immunix IMNX-2003-7+-006-01: samba buffer overflow

by Nikola Strahija on April 9th, 2003 A vulnerability has been found in Samba that can lead to buffer overflow and allow remote attackers to gain root privileges.


-----------------------------------------------------------------------
Immunix Secured OS Security Advisory

Packages updated: samba
Affected products: ImmunixOS 7.0, 7+
Bugs fixed: CAN-2003-0201
Date: Mon Apr 7 2003
Advisory ID: IMNX-2003-7+-006-01
Author: Seth Arnold
-----------------------------------------------------------------------

Description:
Digital Defense found an actively-exploited samba static-buffer
overflow on a honeypot system. They figured out the vulnerable section
of code and alerted the Samba team, who found some additional bugs
while fixing this bug.

In samba version 2.0.10, this buffer is located on the heap, so
StackGuard does not provide protection for this buffer overflow.
There are actively-used samba 2.2 exploits that allow remote anonymous
users to gain local root privileges. The samba 2.2 exploit analyzed by
Digital Defense used a statically allocated buffer. While we do not
know of any exploits against the 2.0.10 version, it may be possible
to re-write the exploit in use to attack the heap-based buffer in
samba 2.0.10. We recommend upgrading.

Please note this is different from (and includes the fixes from)
IMNX-2003-7+-003-01, which addressed different samba security flaws.

References:
http://www.securityfocus.com/archive/1/317615/2003-04-04/2003-04-10/0

Package names and locations:
Precompiled binary packages for Immunix 7+ are available at:
http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/samba-2.0.10-2_imnx_3.i386.rpm
http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/samba-client-2.0.10-2_imnx_3.i386.rpm
http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/samba-common-2.0.10-2_imnx_3.i386.rpm

Immunix OS 7+ md5sums:
13b41eeaf5ef6d018554fab4ae4958bc samba-2.0.10-2_imnx_3.i386.rpm
bbfeb9255328a8e73790f390aa7afb9f samba-client-2.0.10-2_imnx_3.i386.rpm
feeb2e9d872f5bdc01c44ee125f0170c samba-common-2.0.10-2_imnx_3.i386.rpm
ffa5900e389ed12620ec72bd4fdf5c15 samba-2.0.10-2_imnx_3.src.rpm


GPG verification:
Our public key is available at http://wirex.com/security/GPG_KEY.

NOTE:
Ibiblio is graciously mirroring our updates, so if the links above are
slow, please try:
ftp://ftp.ibiblio.org/pub/Linux/distributions/immunix/
or one of the many mirrors available at:
http://www.ibiblio.org/pub/Linux/MIRRORS.html

ImmunixOS 6.2 is no longer officially supported.
ImmunixOS 7.0 is no longer officially supported.

Contact information:
To report vulnerabilities, please contact [email protected] WireX
attempts to conform to the RFP vulnerability disclosure protocol
http://www.wiretrip.net/rfp/policy.html.


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »