Samba fails to properly handle malformed MS-RPC packets. Exploitation of this vulnerability could allow a remote attacker to execute arbitrary code.
Samba is a widely used open-source implementation of Server Message Block (SMB)/Common Internet File System (CIFS). Network Data Representation (NDR) is the scheme to encode MS-RPC data for transport. Samba fails to properly validate MS-RPC packets. Specifically, Samba's NDR functions do not properly validate arguments supplied to memory allocation routines. This results in a buffer of insufficient size being allocated. When data is copied to this buffer, a heap-based buffer overflow may occur.
More information is available in Samba's Security Announcement.
A remote attacker may be able to execute arbitrary code.
Apply a patch or upgrade
This vulnerability was reported by the Samba Team. Samba, in turn credits Brian Schafer of TippingPoint.
This document was written by Jeff Gennari.
|Date First Published:||2007-05-14|
|Date Last Updated:||2007-08-08 17:39 UTC|