Vulnerability Note VU#958321

Samba contains a remotely exploitable stack buffer overflow

Original Release date: 13 Dec 2002 | Last revised: 16 May 2003

Overview

A remotely exploitable stack buffer overflow exists in the Samba server daemon (smbd).

Description

Versions 2.2.2 through 2.2.6 of Samba contain a remotely exploitable stack buffer overflow. The Samba Team describes Samba as follows:

    The Samba software suite is a collection of programs that implements the Server Message Block (commonly abbreviated as SMB) protocol for UNIX systems. This protocol is sometimes also referred to as the Common Internet File System (CIFS), LanManager or NetBIOS protocol.

The Samba Team describes the vulnerability as follows:

    There was a bug in the length checking for encrypted password change requests from clients. A client could potentially send an encrypted password, which, when decrypted with the old hashed password could be used as a buffer overrun attack on the stack of smbd. The attack would have to be crafted such that converting a DOS codepage string to little endian UCS2 unicode would translate into an executable block of code.
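The defensive point in the description above is that the length field of a password-change request only becomes visible after the blob is decrypted with the old password hash, so the bounds check has to happen on the decrypted data and before any copy into a fixed-size buffer. The following is an added illustration of that check and is not Samba's own code; it assumes a simplified 516-byte layout (512 bytes of data with the new password right-aligned at the end, followed by a 4-byte little-endian length), skips the codepage-to-UCS2 conversion the note mentions, and uses zero padding where the real protocol uses random bytes.

```c
/*
 * Added example (not Samba code): validating an attacker-influenced
 * length field before copying password bytes out of a decrypted blob.
 *
 * ASSUMED layout, not taken from the vulnerability note:
 *   blob[0..511]   data area, new password right-aligned at the end
 *   blob[512..515] little-endian byte length of the new password
 */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define PW_BUF_DATA_LEN   512u
#define PW_BUF_TOTAL_LEN  516u
#define OUT_BUF_LEN       128u   /* fixed-size destination, as a stack buffer would be */

static uint32_t read_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

static void write_le32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8);
    p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Hardened decoder: returns the number of password bytes copied into out,
 * or -1 if the blob is rejected.  The check on pw_len is the step the
 * vulnerable pattern lacked; the length comes straight from the decrypted
 * blob, so with a wrong old password (or a hostile client) it is arbitrary. */
int decode_pw_buffer_checked(const uint8_t *blob, uint8_t *out, size_t out_cap)
{
    uint32_t pw_len = read_le32(blob + PW_BUF_DATA_LEN);

    if (pw_len > PW_BUF_DATA_LEN || pw_len > out_cap)
        return -1;                      /* reject rather than overrun */

    memcpy(out, blob + PW_BUF_DATA_LEN - pw_len, pw_len);
    return (int)pw_len;
}

/* Constructed test input: builds a blob for pw, optionally forging the
 * length field (forged_len != 0) the way a malformed request would. */
static void build_pw_buffer(const char *pw, uint32_t forged_len, uint8_t *blob)
{
    size_t n = strlen(pw);
    memset(blob, 0, PW_BUF_TOTAL_LEN);  /* real protocol uses random padding */
    memcpy(blob + PW_BUF_DATA_LEN - n, pw, n);
    write_le32(blob + PW_BUF_DATA_LEN, forged_len ? forged_len : (uint32_t)n);
}

/* Convenience wrapper: decode a constructed blob into a local buffer. */
int example_decode(const char *pw, uint32_t forged_len, size_t out_cap)
{
    uint8_t blob[PW_BUF_TOTAL_LEN];
    uint8_t out[OUT_BUF_LEN];
    build_pw_buffer(pw, forged_len, blob);
    return decode_pw_buffer_checked(blob, out, out_cap);
}

/* Returns 1 if a well-formed blob round-trips to the original password. */
int example_roundtrip_ok(const char *pw)
{
    uint8_t blob[PW_BUF_TOTAL_LEN];
    uint8_t out[OUT_BUF_LEN];
    build_pw_buffer(pw, 0, blob);
    int n = decode_pw_buffer_checked(blob, out, sizeof out);
    return n == (int)strlen(pw) && memcmp(out, pw, (size_t)n) == 0;
}

int main(void)
{
    printf("valid blob      -> %d\n", example_decode("secret", 0, OUT_BUF_LEN));
    printf("len 1024 forged -> %d\n", example_decode("secret", 1024, OUT_BUF_LEN));
    printf("len 0xFFFFFFFF  -> %d\n", example_decode("secret", 0xFFFFFFFFu, OUT_BUF_LEN));
    printf("dest too small  -> %d\n", example_decode("secret", 0, 4));
    return 0;
}
```

The two rejections that matter are the forged length larger than the data area and the length larger than the destination; either one, if unchecked, turns the `memcpy` into the stack overrun the note describes. Checking against both the wire format's maximum and the actual destination size keeps the decoder correct even if the destination buffer is later resized.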

Impact

A remote attacker can execute arbitrary code with superuser privileges or can cause smbd to crash.

Solution

Apply a patch from your vendor.

Systems Affected

Vendor                       Status         Date Notified   Date Updated
Conectiva                    Affected       -               13 Dec 2002
Debian                       Affected       -               13 Dec 2002
Gentoo Linux                 Affected       -               13 Dec 2002
Hewlett-Packard Company      Affected       -               12 Dec 2002
MandrakeSoft                 Affected       -               13 Dec 2002
Red Hat Inc.                 Affected       -               13 Dec 2002
SCO                          Affected       -               05 May 2003
SGI                          Affected       -               13 Dec 2002
Slackware                    Affected       -               13 Dec 2002
Sun Microsystems Inc.        Affected       -               16 May 2003
SuSE Inc.                    Affected       -               13 Dec 2002
The OpenPKG Project          Affected       -               13 Dec 2002
Trustix Secure Linux         Affected       -               13 Dec 2002
Apple Computer Inc.          Not Affected   -               14 Feb 2003
If you are a vendor and your product is affected, let us know.

CVSS Metrics

Group           Score   Vector
Base            N/A     N/A
Temporal        N/A     N/A
Environmental   N/A     N/A

References

Credit

This vulnerability was discovered by Steve Langasek and Eloy Paris.

This document was written by Ian A Finlay.

Other Information

  • CVE IDs: CAN-2002-1318
  • Date Public: 20 Nov 2002
  • Date First Published: 13 Dec 2002
  • Date Last Updated: 16 May 2003
  • Severity Metric: 45.56
  • Document Revision: 23

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.