Samba fails to properly handle malformed MS-RPC packets. Exploitation of this vulnerability could allow a remote attacker to execute arbitrary code.
Samba is a widely used open-source implementation of Server Message Block (SMB)/Common Internet File System (CIFS). Network Data Representation (NDR) is the scheme to encode MS-RPC data for transport. Samba fails to properly validate MS-RPC packets. Specifically, Samba's NDR functions do not properly validate arguments supplied to memory allocation routines. This results in a buffer of insufficient size being allocated. When data is copied to this buffer, a heap-based buffer overflow may occur.
More information is available in Samba's Security Announcement.
A remote attacker may be able to execute arbitrary code.
Apply a patch or upgrade
Debian GNU/Linux Affected
Red Hat, Inc. Affected
Apple Computer, Inc. Unknown
Conectiva Inc. Unknown
Cray Inc. Unknown
Engarde Secure Linux Unknown
F5 Networks, Inc. Unknown
Fedora Project Unknown
FreeBSD, Inc. Unknown
Gentoo Linux Unknown
Hewlett-Packard Company Unknown
IBM Corporation Unknown
IBM Corporation (zseries) Unknown
IBM eServer Unknown
Immunix Communications, Inc. Unknown
Ingrian Networks, Inc. Unknown
Juniper Networks, Inc. Unknown
Mandriva, Inc. Unknown
Microsoft Corporation Unknown
MontaVista Software, Inc. Unknown
NEC Corporation Unknown
Novell, Inc. Unknown
Openwall GNU/*/Linux Unknown
QNX, Software Systems, Inc. Unknown
SUSE Linux Unknown
Silicon Graphics, Inc. Unknown
Slackware Linux Inc. Unknown
Sony Corporation Unknown
Sun Microsystems, Inc. Unknown
The SCO Group Unknown
Trustix Secure Linux Unknown
Wind River Systems, Inc. Unknown
This vulnerability was reported by the Samba Team. Samba, in turn credits Brian Schafer of TippingPoint.
This document was written by Jeff Gennari.
|Date First Published:||2007-05-14|
|Date Last Updated:||2007-08-08 17:39 UTC|