The SMB filesystem read() system call contains buffer overflow vulnerability that may allow an attacker to cause a denial-of-service condition.
"Server Message Block (SMB) is an application-level protocol that supports file, printer, and other resource sharing. The SMB filesystem is a network filesystem built on the SMB protocol. A lack of bounds checking in the read() system call may allow a buffer overflow to occur. When a request is made to a SMB server, the read() system call on the SMB client's system expects to receive a pre-specified amount of data. If more data is supplied to the read() call than expected, the buffer overflow will occur. Note that it may be possible for a remote attacker to set up a malicious smb server to exploit this vulnerability.
More detailed information is available in e-matters security advisory 14/2004.
A remote attacker may be able to cause a denial-of-service condition. In addition, an attacker may be able to execute arbitrary code on the vulnerable system. However, this possibility is unconfirmed.
Upgrade Your Linux Kernel
Apple Computer, Inc.
Juniper Networks, Inc.
F5 Networks, Inc.
Ingrian Networks, Inc.
MontaVista Software, Inc.
Red Hat, Inc.
Sequent Computer Systems, Inc.
Sun Microsystems, Inc.
The SCO Group (SCO Linux)
The SCO Group (SCO Unix)
Wind River Systems, Inc.
This vulnerability was reported by Stefan Esser.
This document was written by Jeff Gennari.
|Date First Published:||2005-02-02|
|Date Last Updated:||2006-04-19 11:16 UTC|