Vulnerability Note VU#773720

Samba NDR MS-RPC heap buffer overflow

Original Release date: 14 May 2007 | Last revised: 08 Aug 2007

Overview

Samba fails to properly handle malformed MS-RPC packets. Exploitation of this vulnerability could allow a remote attacker to execute arbitrary code.

Description

Samba is a widely used open-source implementation of Server Message Block (SMB)/Common Internet File System (CIFS). Network Data Representation (NDR) is the scheme to encode MS-RPC data for transport. Samba fails to properly validate MS-RPC packets. Specifically, Samba's NDR functions do not properly validate arguments supplied to memory allocation routines. This results in a buffer of insufficient size being allocated. When data is copied to this buffer, a heap-based buffer overflow may occur.

More information is available in Samba's Security Announcement.
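The allocation-sizing failure described above, shown as an added illustration; this is not Samba's code and is not taken from the advisory. The count-prefixed wire layout and the names `unchecked_alloc_size`, `rd_le32` and `pull_u32_array` are hypothetical, and the sample packet is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Unchecked pattern: allocation size computed in 32 bits from a wire-supplied
 * count. count = 0x40000001 yields 4, so the buffer holds one element. */
uint32_t unchecked_alloc_size(uint32_t count)
{
    return count * (uint32_t)sizeof(uint32_t);   /* wraps modulo 2^32 */
}

/* Read a little-endian 32-bit value from an unaligned byte pointer. */
uint32_t rd_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Hardened pull of a constructed layout: LE32 count, then count LE32 values.
 * Returns 0 and a malloc'd array on success, -1 on malformed input. */
int pull_u32_array(const uint8_t *buf, size_t len,
                   uint32_t **out, uint32_t *out_count)
{
    if (len < 4)
        return -1;
    uint32_t count = rd_le32(buf);
    size_t remaining = len - 4;
    /* Bound the count by the bytes actually present; this also rules out
     * overflow in count * 4, because count * 4 <= remaining <= SIZE_MAX. */
    if (count > remaining / sizeof(uint32_t))
        return -1;
    uint32_t *arr = malloc(count ? count * sizeof(uint32_t) : 1);
    if (arr == NULL)
        return -1;
    for (uint32_t i = 0; i < count; i++)
        arr[i] = rd_le32(buf + 4 + (size_t)i * 4);
    *out = arr;
    *out_count = count;
    return 0;
}

int main(void)
{
    const uint8_t pkt[] = {0x01, 0, 0, 0x40, 1, 0, 0, 0}; /* constructed */
    uint32_t *arr = NULL, n = 0;
    return pull_u32_array(pkt, sizeof pkt, &arr, &n) == -1 ? 0 : 1;
}
```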

Impact

A remote attacker may be able to execute arbitrary code.

Solution

Apply a patch or upgrade
These vulnerabilities are addressed in Samba version 3.0.25. In addition, patches are available to address this vulnerability in Samba version 3.0.24. Refer to the Samba Security Releases website for more information.

Administrators who get Samba from their operating system vendor should see the Systems Affected section of this document for a list of affected vendors.

Systems Affected

Vendor                                         Status    Date Notified  Date Updated
Debian GNU/Linux                               Affected  14 May 2007    30 Jul 2007
Red Hat, Inc.                                  Affected  14 May 2007    15 May 2007
Samba                                          Affected  -              14 May 2007
Apple Computer, Inc.                           Unknown   14 May 2007    14 May 2007
Conectiva Inc.                                 Unknown   14 May 2007    14 May 2007
Cray Inc.                                      Unknown   14 May 2007    14 May 2007
EMC, Inc. (formerly Data General Corporation)  Unknown   14 May 2007    14 May 2007
Engarde Secure Linux                           Unknown   14 May 2007    14 May 2007
F5 Networks, Inc.                              Unknown   14 May 2007    14 May 2007
Fedora Project                                 Unknown   14 May 2007    14 May 2007
FreeBSD, Inc.                                  Unknown   14 May 2007    14 May 2007
Fujitsu                                        Unknown   14 May 2007    14 May 2007
Gentoo Linux                                   Unknown   14 May 2007    14 May 2007
Hewlett-Packard Company                        Unknown   14 May 2007    14 May 2007
Hitachi                                        Unknown   14 May 2007    14 May 2007
If you are a vendor and your product is affected, let us know.

CVSS Metrics

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A

Credit

This vulnerability was reported by the Samba Team. Samba, in turn, credits Brian Schafer of TippingPoint.

This document was written by Jeff Gennari.

Other Information

  • CVE IDs: CVE-2007-2446
  • Date Public: 14 May 2007
  • Date First Published: 14 May 2007
  • Date Last Updated: 08 Aug 2007
  • Severity Metric: 7.65
  • Document Revision: 34
