|
|
|
View Notes By
|
|
|
|
Other Documents
|
|
|
|
|
Vulnerability Note VU#773720
Samba NDR MS-RPC heap buffer overflow
OverviewSamba fails to properly handle malformed MS-RPC packets. Exploitation of this vulnerability could allow a remote attacker to execute arbitrary code.
I. DescriptionSamba is a widely used open-source implementation of Server Message Block (SMB)/Common Internet File System (CIFS). Network Data Representation (NDR) is the scheme to encode MS-RPC data for transport. Samba fails to properly validate MS-RPC packets. Specifically, Samba's NDR functions do not properly validate arguments supplied to memory allocation routines. This results in a buffer of insufficient size being allocated. When data is copied to this buffer, a heap-based buffer overflow may occur.
More information is available in Samba's Security Announcement.
II. ImpactA remote attacker may be able to execute arbitrary code.
III. SolutionApply a patch or upgrade
These vulnerabilities are addressed in Samba version 3.0.25. In addition, patches are available to address this vulnerability in Samba version 3.0.24. Refer to the Samba Security Releases website for more information.
Administrators who get Samba from their operating system vendor should see the systems affected portion of this document for a list of affected vendors.
Systems Affected
| Vendor | Status | Date Updated |
|---|
| Apple Computer, Inc. | Unknown | 14-May-2007 |
| Conectiva Inc. | Unknown | 14-May-2007 |
| Cray Inc. | Unknown | 14-May-2007 |
| Debian GNU/Linux | Vulnerable | 30-Jul-2007 |
| EMC, Inc. (formerly Data General Corporation) | Unknown | 14-May-2007 |
| Engarde Secure Linux | Unknown | 14-May-2007 |
| F5 Networks, Inc. | Unknown | 14-May-2007 |
| Fedora Project | Unknown | 14-May-2007 |
| FreeBSD, Inc. | Unknown | 14-May-2007 |
| Fujitsu | Unknown | 14-May-2007 |
| Gentoo Linux | Unknown | 14-May-2007 |
| Hewlett-Packard Company | Unknown | 14-May-2007 |
| Hitachi | Unknown | 14-May-2007 |
| IBM Corporation | Unknown | 14-May-2007 |
| IBM Corporation (zseries) | Unknown | 14-May-2007 |
| IBM eServer | Unknown | 14-May-2007 |
| Immunix Communications, Inc. | Unknown | 14-May-2007 |
| Ingrian Networks, Inc. | Unknown | 14-May-2007 |
| Juniper Networks, Inc. | Unknown | 14-May-2007 |
| Mandriva, Inc. | Unknown | 14-May-2007 |
| Microsoft Corporation | Unknown | 14-May-2007 |
| MontaVista Software, Inc. | Unknown | 14-May-2007 |
| NEC Corporation | Unknown | 14-May-2007 |
| NetBSD | Unknown | 14-May-2007 |
| Nokia | Unknown | 14-May-2007 |
| Novell, Inc. | Unknown | 14-May-2007 |
| OpenBSD | Unknown | 14-May-2007 |
| Openwall GNU/*/Linux | Unknown | 14-May-2007 |
| QNX, Software Systems, Inc. | Unknown | 14-May-2007 |
| Red Hat, Inc. | Vulnerable | 15-May-2007 |
| Samba | Vulnerable | 14-May-2007 |
| Silicon Graphics, Inc. | Unknown | 14-May-2007 |
| Slackware Linux Inc. | Unknown | 14-May-2007 |
| Sony Corporation | Unknown | 14-May-2007 |
| Sun Microsystems, Inc. | Unknown | 14-May-2007 |
| SUSE Linux | Unknown | 14-May-2007 |
| The SCO Group | Unknown | 14-May-2007 |
| Trustix Secure Linux | Unknown | 14-May-2007 |
| Turbolinux | Unknown | 14-May-2007 |
| Ubuntu | Unknown | 14-May-2007 |
| Unisys | Unknown | 14-May-2007 |
| Wind River Systems, Inc. | Unknown | 14-May-2007 |
References
http://samba.org/samba/security/CVE-2007-2446.html
http://samba.org/samba/history/security.html
http://www.samba.org/samba/history/samba-3.0.25.html
http://secunia.com/advisories/25232/
http://www.zerodayinitiative.com/advisories/ZDI-07-029.html
http://www.zerodayinitiative.com/advisories/ZDI-07-030.html
http://www.zerodayinitiative.com/advisories/ZDI-07-031.html
http://www.zerodayinitiative.com/advisories/ZDI-07-032.html
http://www.zerodayinitiative.com/advisories/ZDI-07-033.html
http://www.iss.net/threats/266.html
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102964-1
http://docs.info.apple.com/article.html?artnum=306172
Credit
This vulnerability was reported by the Samba Team. Samba, in turn credits Brian Schafer of TippingPoint.
This document was written by Jeff Gennari.
Other Information
| Date Public | 05/14/2007 |
| Date First Published | 05/14/2007 03:39:13 PM |
| Date Last Updated | 08/08/2007 |
| CERT Advisory | |
| CVE-ID(s) | CVE-2007-2446 |
| NVD-ID(s) | CVE-2007-2446 |
| US-CERT Technical Alerts | |
| Metric | 7.65 |
| Document Revision | 34 |
If you have feedback, comments, or additional information about this vulnerability, please send us
email.
|
|
Get Adobe Reader