Vulnerability Note VU#773720
Samba NDR MS-RPC heap buffer overflow
Samba fails to properly handle malformed MS-RPC packets. Exploitation of this vulnerability could allow a remote attacker to execute arbitrary code.
Samba is a widely used open-source implementation of Server Message Block (SMB)/Common Internet File System (CIFS). Network Data Representation (NDR) is the scheme to encode MS-RPC data for transport. Samba fails to properly validate MS-RPC packets. Specifically, Samba's NDR functions do not properly validate arguments supplied to memory allocation routines. This results in a buffer of insufficient size being allocated. When data is copied to this buffer, a heap-based buffer overflow may occur.
More information is available in Samba's Security Announcement.
A remote attacker may be able to execute arbitrary code.
Apply a patch or upgrade
These vulnerabilities are addressed in Samba version 3.0.25. In addition, patches are available to address this vulnerability in Samba version 3.0.24. Refer to the Samba Security Releases website for more information.
Administrators who get Samba from their operating system vendor should see the systems affected portion of this document for a list of affected vendors.
If you are a vendor and your product is affected, let
us know.View More »
|Vendor||Status||Date Notified||Date Updated|
|Debian GNU/Linux||Affected||14 May 2007||30 Jul 2007|
|Red Hat, Inc.||Affected||14 May 2007||15 May 2007|
|Samba||Affected||-||14 May 2007|
|Apple Computer, Inc.||Unknown||14 May 2007||14 May 2007|
|Conectiva Inc.||Unknown||14 May 2007||14 May 2007|
|Cray Inc.||Unknown||14 May 2007||14 May 2007|
|EMC, Inc. (formerly Data General Corporation)||Unknown||14 May 2007||14 May 2007|
|Engarde Secure Linux||Unknown||14 May 2007||14 May 2007|
|F5 Networks, Inc.||Unknown||14 May 2007||14 May 2007|
|Fedora Project||Unknown||14 May 2007||14 May 2007|
|FreeBSD, Inc.||Unknown||14 May 2007||14 May 2007|
|Fujitsu||Unknown||14 May 2007||14 May 2007|
|Gentoo Linux||Unknown||14 May 2007||14 May 2007|
|Hewlett-Packard Company||Unknown||14 May 2007||14 May 2007|
|Hitachi||Unknown||14 May 2007||14 May 2007|
This vulnerability was reported by the Samba Team. Samba, in turn credits Brian Schafer of TippingPoint.
This document was written by Jeff Gennari.
14 May 2007
Date First Published:
14 May 2007
Date Last Updated:
08 Aug 2007
If you have feedback, comments, or additional information about this vulnerability, please send us email.