Samba fails to properly filter input to /bin/sh. This vulnerability may allow a remote, authenticated attacker to execute arbitrary code on a Samba server.
Samba provides file and print services for Microsoft Windows, Unix, Linux, and OS X clients. Samba can also act as a Primary Domain Controller (PDC) or as a Domain Member. Samba runs on most Unix-like systems.
Samba versions prior to 3.0.24 pass unchecked user input from RPC messages to /bin/sh when calling externals scripts that are listed in the Samba configuration file. An attacker may be able to exploit this vulnerability by sending specially crafted RPC messages to a vulnerable server.
A remote, unauthenticated attacker may be able to execute arbitrary commands.
Apply a patch or upgrade
Do not load external shell scripts
Apple Computer, Inc.
Red Hat, Inc.
Slackware Linux Inc.
Sun Microsystems, Inc.
EMC, Inc. (formerly Data General Corporation)
Engarde Secure Linux
F5 Networks, Inc.
IBM Corporation (zseries)
Immunix Communications, Inc.
Ingrian Networks, Inc.
Juniper Networks, Inc.
MontaVista Software, Inc.
QNX, Software Systems, Inc.
Silicon Graphics, Inc.
The SCO Group
Trustix Secure Linux
Wind River Systems, Inc.
Thanks to Joshua J. Drake, iDefense Labs, and the Samba team for information that was used in this report.
|Date First Published:||2007-05-14|
|Date Last Updated:||2008-07-21 17:51 UTC|