A buffer overflow vulnerability has been discovered in Samba. An updated version has been released.
A remotely exploitable buffer overflow vulnerability was discovered that affects Samba versions 2.0.x through 2.2.7a. From the Samba Team's bulletin:
The SuSE security audit team, in particular Sebastian Krahmer, has found a flaw in the Samba main smbd code which could allow an external attacker to remotely and anonymously gain Super User (root) privileges on a server running a Samba server.
A remote attacker may be able to execute arbitrary code with the privileges of the Super User, typically root.
Upgrade to Samba version 2.2.8.
The "Protecting an unpatched Samba server" section of the Samba bulletin discusses several workarounds for servers that cannot be upgraded immediately.
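A quick inventory check for the affected range stated above, as an added example that is not part of the CERT note or the Samba project's own code. It classifies a version string, either bare or as printed by `smbd -V`, against the range 2.0.x through 2.2.7a, treating a letter suffix such as 2.2.7a as later than the bare 2.2.7. The sample version strings are constructed for illustration, and the treatment of releases older than 2.0 as "outside stated range" is this example's own assumption, since the note does not cover them.

```python
"""Classify a Samba version against the range the note calls vulnerable
(2.0.x through 2.2.7a, fixed in 2.2.8).

Added example, not from the CERT note or the Samba project. Version
strings used in the usage section are constructed for illustration.
"""
import re
import subprocess

# Range taken from the note: 2.0.x up to and including 2.2.7a.
FIRST_AFFECTED = (2, 0, 0, "")
LAST_AFFECTED = (2, 2, 7, "a")
FIXED_IN = (2, 2, 8, "")

# major.minor.patch with an optional single-letter suffix (2.2.7a).
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]?)")


def parse_version(text):
    """Return (major, minor, patch, suffix) from a version string.

    Accepts a bare version ("2.2.7a") or the output of `smbd -V`
    ("Version 2.2.7a"). Raises ValueError when no version is present.
    Tuple ordering makes the suffix sort after the bare release, so
    2.2.7 < 2.2.7a < 2.2.8, which is the ordering the note relies on.
    """
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError("no Samba version found in %r" % text)
    major, minor, patch, suffix = m.groups()
    return (int(major), int(minor), int(patch), suffix)


def classify(text):
    """Classify a version string as 'affected', 'not affected', or
    'outside stated range'.

    Assumption for this example: versions older than 2.0 are reported
    as outside the range the note states rather than silently called
    safe, because the note says nothing about them and such releases
    received no fix.
    """
    v = parse_version(text)
    if v < FIRST_AFFECTED:
        return "outside stated range"
    if v <= LAST_AFFECTED:
        return "affected"
    return "not affected"


def classify_local_smbd(smbd="smbd"):
    """Run `smbd -V` on this host and classify its reported version.

    Returns the classification string, or None if smbd is not
    installed or does not report a parsable version.
    """
    try:
        out = subprocess.run([smbd, "-V"], capture_output=True,
                             text=True, check=False).stdout
        return classify(out)
    except (OSError, ValueError):
        return None


if __name__ == "__main__":
    # Constructed sample strings, not real inventory output.
    for sample in ("Version 2.2.7a", "2.0.10", "Version 2.2.8",
                   "Version 1.9.18p10"):
        print("%-20s %s" % (sample, classify(sample)))
    local = classify_local_smbd()
    if local is not None:
        print("local smbd: %s" % local)
```

The version string alone is not conclusive for vendor-packaged builds: distributions listed as affected below may ship a 2.2.x package that still reports the old version number after the vendor has backported the fix, so confirm against the vendor's own advisory or package changelog before treating a host as patched or unpatched.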
Vendor | Status
Apple Computer Inc. | Affected
Gentoo Linux | Affected
Hewlett-Packard Company | Affected
MontaVista Software | Affected
Red Hat Inc. | Affected
Samba Team | Affected
SuSE Inc. | Affected
Sun Microsystems Inc. | Affected
Fujitsu | Not Affected
Ingrian Networks | Not Affected
Openwall GNU/*/Linux | Not Affected
Thanks to Sebastian Krahmer for reporting this vulnerability.
This document was written by Jason A Rafail.
Date First Published: 2003-03-17
Date Last Updated: 2003-05-15 16:54 UTC