Vulnerability Note VU#773720
Samba NDR MS-RPC heap buffer overflow
Samba fails to properly handle malformed MS-RPC packets. Exploitation of this vulnerability could allow a remote attacker to execute arbitrary code.
Samba is a widely used open-source implementation of Server Message Block (SMB)/Common Internet File System (CIFS). Network Data Representation (NDR) is the scheme to encode MS-RPC data for transport. Samba fails to properly validate MS-RPC packets. Specifically, Samba's NDR functions do not properly validate arguments supplied to memory allocation routines. This results in a buffer of insufficient size being allocated. When data is copied to this buffer, a heap-based buffer overflow may occur.
More information is available in Samba's Security Announcement.
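The following is an added example, not Samba's code and not part of the original note: a C decoder that validates a sender-supplied element count before it reaches the allocator, the kind of check the description above says the NDR functions lacked. The wire layout and the names `rd_le32` and `decode_u32_array` are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical wire layout (an assumption for this example): a 32-bit
 * little-endian element count, followed by that many 32-bit elements. */
static uint32_t rd_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Returns 0 and stores a heap array in *out (caller frees) on success.
 * Returns -1 for a malformed packet; nothing is allocated in that case. */
int decode_u32_array(const uint8_t *buf, size_t len,
                     uint32_t **out, uint32_t *out_count)
{
    *out = NULL;
    *out_count = 0;
    if (len < 4)
        return -1;                      /* no room for the count field */
    uint32_t count = rd_le32(buf);
    size_t remaining = len - 4;

    /* The count is attacker-controlled: bound it by the bytes actually
     * present. Dividing (not multiplying) cannot wrap around size_t. */
    if (count > remaining / sizeof(uint32_t))
        return -1;
    if (count == 0)
        return 0;                       /* empty array, *out stays NULL */

    uint32_t *arr = calloc(count, sizeof(uint32_t)); /* checks n*size too */
    if (arr == NULL)
        return -1;
    for (uint32_t i = 0; i < count; i++)
        arr[i] = rd_le32(buf + 4 + (size_t)i * 4);
    *out = arr;
    *out_count = count;
    return 0;
}

int main(void)
{
    /* Constructed sample: claims 0x40000000 elements but carries one. */
    const uint8_t pkt[] = { 0, 0, 0, 0x40, 1, 0, 0, 0 };
    uint32_t *v, n;
    int rc = decode_u32_array(pkt, sizeof pkt, &v, &n);
    printf("rc=%d n=%u\n", rc, (unsigned)n);
    free(v);
    return 0;
}
```

The count is rejected before any allocation or copy takes place, so a malformed packet can neither shrink the buffer nor drive the copy loop past it.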
A remote attacker may be able to execute arbitrary code.
Apply a patch or upgrade
Systems Affected

| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Debian GNU/Linux | Affected | 14 May 2007 | 30 Jul 2007 |
| Red Hat, Inc. | Affected | 14 May 2007 | 15 May 2007 |
| Samba | Affected | - | 14 May 2007 |
| Apple Computer, Inc. | Unknown | 14 May 2007 | 14 May 2007 |
| Conectiva Inc. | Unknown | 14 May 2007 | 14 May 2007 |
| Cray Inc. | Unknown | 14 May 2007 | 14 May 2007 |
| EMC, Inc. (formerly Data General Corporation) | Unknown | 14 May 2007 | 14 May 2007 |
| Engarde Secure Linux | Unknown | 14 May 2007 | 14 May 2007 |
| F5 Networks, Inc. | Unknown | 14 May 2007 | 14 May 2007 |
| Fedora Project | Unknown | 14 May 2007 | 14 May 2007 |
| FreeBSD, Inc. | Unknown | 14 May 2007 | 14 May 2007 |
| Fujitsu | Unknown | 14 May 2007 | 14 May 2007 |
| Gentoo Linux | Unknown | 14 May 2007 | 14 May 2007 |
| Hewlett-Packard Company | Unknown | 14 May 2007 | 14 May 2007 |
| Hitachi | Unknown | 14 May 2007 | 14 May 2007 |
This vulnerability was reported by the Samba Team. Samba, in turn, credits Brian Schafer of TippingPoint.
This document was written by Jeff Gennari.
- CVE IDs: CVE-2007-2446
- Date Public: 14 May 2007
- Date First Published: 14 May 2007
- Date Last Updated: 08 Aug 2007
- Severity Metric: 7.65
- Document Revision: 34