Vulnerability Note VU#298233
Samba contains buffer overflow in SMB/CIFS packet fragment reassembly code
A buffer overflow vulnerability has been discovered in Samba. An updated version has been released.
A remotely exploitable buffer overflow vulnerability was discovered to affect Samba versions 2.0.x through 2.2.7a. From the Samba bulletin:
The SuSE security audit team, in particular Sebastian Krahmer, has found a flaw in the Samba main smbd code which could allow an external attacker to remotely and anonymously gain Super User (root) privileges on a server running a Samba server.
A remote attacker may be able to execute arbitrary code with the privileges of the Super User, typically root.
Upgrade to Samba version 2.2.8.
The "Protecting an unpatched Samba server" section of the Samba bulletin discusses several workarounds for unpatched servers.
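A version check against the range this note gives (2.0.x through 2.2.7a affected, 2.2.8 fixed), as an added example that is not part of the original note or of Samba itself. The function names and the sample strings are assumptions made for illustration; the input is taken to be an upstream Samba version string such as the one the server reports about itself.

```python
import re

# Range stated in this note: 2.0.x through 2.2.7a are affected; 2.2.8 is fixed.
FIRST_AFFECTED = (2, 0, 0, "")
LAST_AFFECTED = (2, 2, 7, "a")

# First "N.N.N" token, with an optional single letter suffix (e.g. 2.2.7a).
_VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)([a-z]?)")


def parse_samba_version(text):
    """Return (major, minor, patch, letter) for the first version token in text."""
    m = _VERSION_RE.search(text)
    if m is None:
        raise ValueError(f"no Samba version found in {text!r}")
    major, minor, patch, letter = m.groups()
    return (int(major), int(minor), int(patch), letter)


def is_affected(text):
    """True if the upstream version lies in the affected range of this note."""
    # Tuple comparison orders "" < "a", so 2.2.7 < 2.2.7a < 2.2.8.
    return FIRST_AFFECTED <= parse_samba_version(text) <= LAST_AFFECTED


# Constructed sample inputs (not captured from real hosts).
SAMPLES = [
    "Version 2.0.10",
    "Version 2.2.7",
    "Version 2.2.7a",
    "2.2.3a-12.3",      # constructed package-style string
    "Version 2.2.8",
    "Version 3.0.0",
    "1.9.18p10",
]

if __name__ == "__main__":
    for s in SAMPLES:
        state = "AFFECTED, upgrade to 2.2.8" if is_affected(s) else "outside affected range"
        print(f"{s:<18} {state}")
```

A vendor package can carry a backported fix under an older upstream version number, so a match here means the vendor's own advisory should be checked rather than that the host is certainly vulnerable.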
Systems Affected
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Apple Computer Inc. | Affected | - | 25 Mar 2003 |
| Conectiva | Affected | - | 17 Mar 2003 |
| Debian | Affected | - | 17 Mar 2003 |
| FreeBSD | Affected | - | 10 Apr 2003 |
| Gentoo Linux | Affected | - | 17 Mar 2003 |
| Hewlett-Packard Company | Affected | - | 19 Mar 2003 |
| IBM | Affected | - | 10 Apr 2003 |
| MandrakeSoft | Affected | - | 17 Mar 2003 |
| MontaVista Software | Affected | - | 17 Mar 2003 |
| OpenPKG | Affected | - | 19 Mar 2003 |
| Red Hat Inc. | Affected | - | 25 Mar 2003 |
| Samba Team | Affected | - | 17 Mar 2003 |
| SGI | Affected | - | 20 Mar 2003 |
| Sun Microsystems Inc. | Affected | - | 15 May 2003 |
| SuSE Inc. | Affected | - | 19 Mar 2003 |
Thanks to Sebastian Krahmer for reporting this vulnerability.
This document was written by Jason A Rafail.
- CVE IDs: CAN-2003-0085
- Date Public: 16 Mar 2003
- Date First Published: 17 Mar 2003
- Date Last Updated: 15 May 2003
- Severity Metric: 23.62
- Document Revision: 8