Vulnerability Note VU#298233

Samba contains buffer overflow in SMB/CIFS packet fragment reassembly code

Overview

A buffer overflow vulnerability has been discovered in Samba. An updated version has been released.

I. Description

A remotely exploitable buffer overflow vulnerability was discovered to affect Samba versions 2.0.x through 2.2.7a. From the Samba bulletin:

"The SuSE security audit team, in particular Sebastian Krahmer, has found a flaw in the Samba main smbd code which could allow an external attacker to remotely and anonymously gain Super User (root) privileges on a server running a Samba server."

II. Impact

A remote attacker may be able to execute arbitrary code with the privileges of the Super User, typically root.

III. Solution

Upgrade to Samba version 2.2.8.

The "Protecting an unpatched Samba server" section of the Samba bulletin discusses several workarounds for unpatched servers.
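To triage hosts against the version range this note states (2.0.x through 2.2.7a affected, 2.2.8 fixed), the following added example, which is not part of the original note or of Samba, classifies reported version strings. The host names, sample strings and status labels are constructed for illustration; a vendor package may carry a backported fix under an old version number, so treat "affected" as "verify this host", not as proof of exposure.

```python
import re

# Range taken from the note: 2.0.x through 2.2.7a affected, 2.2.8 is the fix.
FIRST_AFFECTED = (2, 0, 0, "")
LAST_AFFECTED = (2, 2, 7, "a")
FIRST_FIXED = (2, 2, 8, "")

# Samba 2.x releases use major.minor.patch plus an optional letter (e.g. 2.2.7a).
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]?)")


def parse_samba_version(text):
    """Return (major, minor, patch, letter) or None if no version is present."""
    match = _VERSION_RE.search(text)
    if match is None:
        return None
    major, minor, patch, letter = match.groups()
    return (int(major), int(minor), int(patch), letter)


def classify(text):
    """Map a version string to a triage status (labels are this example's own)."""
    version = parse_samba_version(text)
    if version is None:
        return "unparsed"
    # Tuple comparison orders "" before "a", so 2.2.7 sorts before 2.2.7a.
    if FIRST_AFFECTED <= version <= LAST_AFFECTED:
        return "affected"
    if version >= FIRST_FIXED:
        return "at-or-above-2.2.8"
    # Older than 2.0.0, or a 2.2.7 letter release the note does not mention.
    return "outside-stated-range"


def triage(inventory):
    """inventory: {host: version string}. Returns {host: status}."""
    return {host: classify(version) for host, version in inventory.items()}


# Constructed inventory; the strings imitate version banners and package names.
SAMPLE_INVENTORY = {
    "files01": "Version 2.2.7a",
    "files02": "samba-2.2.3a-12",
    "print01": "Version 2.0.10",
    "files03": "Version 2.2.8",
    "legacy1": "Version 1.9.18p10",
    "broken1": "smbd: command not found",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}")
```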
Thanks to Sebastian Krahmer for reporting this vulnerability. This document was written by Jason A Rafail.
If you have feedback, comments, or additional information about this vulnerability, please send us email.