Samba SMB/CIFS packet assembly buffer overflow
by Mario Miri on April 9th, 2003
The Samba smbd service is prone to a remote buffer overflow attack, which may result in arbitrary code execution with root privileges. Smbd does not correctly assemble specially crafted SMB/CIFS packets, which results in memory being overwritten with attacker-supplied instructions.
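The advisory does not show the flawed code. As an added example (not Samba's code and not part of the original advisory), the following C routine shows the bounds checks a packet reassembly step needs so that offsets and lengths taken from the wire cannot write past the destination buffer. The `reasm` structure, the function names and the sample bytes are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum { REASM_REJECT = -1, REASM_OK = 0, REASM_DONE = 1 };

/* Hypothetical reassembly state; not Samba's data structures. */
struct reasm {
    uint8_t *buf;      /* destination buffer */
    size_t   total;    /* message length declared up front (<= allocation) */
    size_t   received; /* bytes copied so far */
};

/* Accept the declared total only if it fits the real allocation. */
int reasm_begin(struct reasm *r, uint8_t *buf, size_t cap, size_t declared)
{
    if (buf == NULL || declared == 0 || declared > cap)
        return REASM_REJECT;
    r->buf = buf;
    r->total = declared;
    r->received = 0;
    return REASM_OK;
}

/* Copy one fragment; offset and len are wire values and untrusted. */
int reasm_add(struct reasm *r, size_t offset, const uint8_t *data, size_t len)
{
    /* Subtraction form: "offset + len > total" could wrap and pass. */
    if (len == 0 || offset > r->total || len > r->total - offset)
        return REASM_REJECT;
    /* In-order only, so 'received' always equals the bytes written. */
    if (offset != r->received)
        return REASM_REJECT;
    memcpy(r->buf + offset, data, len);
    r->received += len;
    return r->received == r->total ? REASM_DONE : REASM_OK;
}

/* Constructed demo: 16-byte message, first 8 bytes accepted, then one
 * further fragment with the caller's (offset, len) is tried. */
int demo_second_fragment(size_t offset, size_t len)
{
    static const uint8_t wire[16] = {1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16};
    uint8_t buf[16];
    struct reasm r;
    if (reasm_begin(&r, buf, sizeof buf, 16) != REASM_OK) return REASM_REJECT;
    if (reasm_add(&r, 0, wire, 8) != REASM_OK) return REASM_REJECT;
    return reasm_add(&r, offset, wire + 8, len);
}
```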
Vulnerable:
HP CIFS/9000 Server A.01.09.01
HP CIFS/9000 Server A.01.09
HP CIFS/9000 Server A.01.08.01
HP CIFS/9000 Server A.01.08
HP CIFS/9000 Server A.01.07
HP CIFS/9000 Server A.01.06
HP CIFS/9000 Server A.01.05
Samba 2.0.0
Samba 2.0.1
Samba 2.0.2
Samba 2.0.3
Samba 2.0.4
Samba 2.0.5
Samba 2.0.6
Samba 2.0.7
Samba 2.0.8
Samba 2.0.9
Samba 2.0.10
Samba 2.2.0
Samba 2.2.0a
Samba 2.2.1a
Samba 2.2.2
Samba 2.2.3
Samba 2.2.3a
Samba 2.2.4
Samba 2.2.5
Samba 2.2.6
Samba 2.2.7
Samba 2.2.7a
Samba 2.2.8
Solution:
Most Samba package distributors have provided advisories and patches.
Samba 2.2.9 is not vulnerable, so upgrading to it fixes the flaw. Patches for earlier versions are available from the following location:
http://download.samba.org/samba/ftp/
Discovered by:
Sebastian Krahmer