|
|
|
View Notes By
|
|
|
|
Other Documents
|
|
|
|
 |
Vulnerability Note VU#726198
SMB filesystem read system call vulnerable to buffer overflow
OverviewThe SMB filesystem read() system call contains buffer overflow vulnerability that may allow an attacker to cause a denial-of-service condition.
I. Description"Server Message Block (SMB) is an application-level protocol that supports file, printer, and other resource sharing. The SMB filesystem is a network filesystem built on the SMB protocol. A lack of bounds checking in the read() system call may allow a buffer overflow to occur. When a request is made to a SMB server, the read() system call on the SMB client's system expects to receive a pre-specified amount of data. If more data is supplied to the read() call than expected, the buffer overflow will occur. Note that it may be possible for a remote attacker to set up a malicious smb server to exploit this vulnerability.
More detailed information is available in e-matters security advisory 14/2004.
II. ImpactA remote attacker may be able to cause a denial-of-service condition. In addition, an attacker may be able to execute arbitrary code on the vulnerable system. However, this possibility is unconfirmed.
III. SolutionUpgrade Your Linux Kernel
This vulnerability was corrected in verson 2.4.28 of the Kernel. Users are encouraged to upgrade to this version.
Contact Your Vendor
Users who suspect they are vulnerable are encouraged to check with their Linux vendor to determine the appropriate action to take.
Systems Affected
| Vendor | Status | Date Notified | Date Updated |
|---|
| Apple Computer, Inc. | Not Vulnerable | 19-Apr-2006 |
| Cray Inc. | Unknown | 2-Feb-2005 |
| Debian Linux | Unknown | 2-Feb-2005 |
| EMC Corporation | Unknown | 2-Feb-2005 |
| Engarde | Unknown | 2-Feb-2005 |
| F5 Networks, Inc. | Unknown | 2-Feb-2005 |
| FreeBSD, Inc. | Unknown | 2-Feb-2005 |
| Fujitsu | Unknown | 2-Feb-2005 |
| Hewlett-Packard Company | Unknown | 2-Feb-2005 |
| Hitachi | Not Vulnerable | 25-Mar-2005 |
| IBM-zSeries | Unknown | 2-Feb-2005 |
| IBM Corporation | Unknown | 2-Feb-2005 |
| IBM eServer | Unknown | 2-Feb-2005 |
| Immunix | Unknown | 2-Feb-2005 |
| Ingrian Networks, Inc. | Unknown | 2-Feb-2005 |
| Juniper Networks, Inc. | Not Vulnerable | 2-Feb-2005 |
| Mandriva, Inc. | Unknown | 2-Feb-2005 |
| Mandriva, Inc. | Unknown | 2-Feb-2005 |
| Microsoft Corporation | Unknown | 2-Feb-2005 |
| MontaVista Software, Inc. | Unknown | 2-Feb-2005 |
| NEC Corporation | Unknown | 2-Feb-2005 |
| NetBSD | Not Vulnerable | 2-Feb-2005 |
| Nokia | Unknown | 2-Feb-2005 |
| Novell, Inc. | Unknown | 2-Feb-2005 |
| OpenBSD | Unknown | 2-Feb-2005 |
| Openwall GNU/*/Linux | Unknown | 2-Feb-2005 |
| Red Hat, Inc. | Unknown | 2-Feb-2005 |
| Samba Team | Vulnerable | 18-Nov-2004 |
| Sequent Computer Systems, Inc. | Unknown | 2-Feb-2005 |
| SGI | Unknown | 2-Feb-2005 |
| Sony Corporation | Unknown | 2-Feb-2005 |
| Sun Microsystems, Inc. | Unknown | 2-Feb-2005 |
| SUSE Linux | Vulnerable | 7-Feb-2005 |
| The SCO Group (SCO Linux) | Unknown | 2-Feb-2005 |
| The SCO Group (SCO Unix) | Unknown | 2-Feb-2005 |
| TurboLinux | Unknown | 2-Feb-2005 |
| Unisys | Unknown | 2-Feb-2005 |
| Wind River Systems, Inc. | Unknown | 2-Feb-2005 |
References
http://secunia.com/advisories/13232/
http://security.e-matters.de/advisories/142004.html
Credit
This vulnerability was reported by Stefan Esser.
This document was written by Jeff Gennari.
Other Information
| Date Public: | 2004-11-17 |
| Date First Published: | 2005-02-01 |
| Date Last Updated: | 2006-04-19 |
| CERT Advisory: | |
| CVE-ID(s): | CVE-2004-0883 |
| NVD-ID(s): | CVE-2004-0883 |
| US-CERT Technical Alerts: | |
| Metric: | 1.06 |
| Document Revision: | 95 |
If you have feedback, comments, or additional information about this vulnerability, please send us
email.
|
|
Get Adobe Reader