Samba fails to properly filter input to /bin/sh. This vulnerability may allow a remote, authenticated attacker to execute arbitrary code on a Samba server.
Samba provides file and print services for Microsoft Windows, Unix, Linux, and OS X clients. Samba can also act as a Primary Domain Controller (PDC) or as a Domain Member. Samba runs on most Unix-like systems.
Samba versions prior to 3.0.24 pass unchecked user input from RPC messages to /bin/sh when calling externals scripts that are listed in the Samba configuration file. An attacker may be able to exploit this vulnerability by sending specially crafted RPC messages to a vulnerable server.
A remote, unauthenticated attacker may be able to execute arbitrary commands.
Apply a patch or upgrade
Do not load external shell scripts
Apple Computer, Inc. Affected
Debian GNU/Linux Affected
Gentoo Linux Affected
Red Hat, Inc. Affected
Slackware Linux Inc. Affected
Sun Microsystems, Inc. Affected
Novell, Inc. Not Affected
Conectiva Inc. Unknown
Cray Inc. Unknown
Engarde Secure Linux Unknown
F5 Networks, Inc. Unknown
Fedora Project Unknown
FreeBSD, Inc. Unknown
Hewlett-Packard Company Unknown
IBM Corporation Unknown
IBM Corporation (zseries) Unknown
IBM eServer Unknown
Immunix Communications, Inc. Unknown
Ingrian Networks, Inc. Unknown
Juniper Networks, Inc. Unknown
Mandriva, Inc. Unknown
Microsoft Corporation Unknown
MontaVista Software, Inc. Unknown
NEC Corporation Unknown
Openwall GNU/*/Linux Unknown
QNX, Software Systems, Inc. Unknown
SUSE Linux Unknown
Silicon Graphics, Inc. Unknown
Sony Corporation Unknown
The SCO Group Unknown
Trustix Secure Linux Unknown
Wind River Systems, Inc. Unknown
Thanks to Joshua J. Drake, iDefense Labs, and the Samba team for information that was used in this report.
This document was written by Ryan Giobbi.
|Date First Published:||2007-05-14|
|Date Last Updated:||2008-07-21 17:51 UTC|