Vulnerability Note VU#958321
Samba contains a remotely exploitable stack buffer overflow
A remotely exploitable stack buffer overflow exists in the Samba server daemon (smbd).
Versions 2.2.2 through 2.2.6 of Samba contain a remotely exploitable stack buffer overflow. The Samba Team describes Samba as follows:
The Samba software suite is a collection of programs that implements the Server Message Block (commonly abbreviated as SMB) protocol for UNIX systems. This protocol is sometimes also referred to as the Common Internet File System (CIFS), LanManager or NetBIOS protocol.
The Samba Team describes the vulnerability as follows:
There was a bug in the length checking for encrypted password change requests from clients. A client could potentially send an encrypted password, which, when decrypted with the old hashed password could be used as a buffer overrun attack on the stack of smbd. The attack would have to be crafted such that converting a DOS codepage string to little endian UCS2 unicode would translate into an executable block of code.
A remote attacker can execute arbitrary code with superuser privileges or can cause smbd to crash.
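The kind of length check the Samba Team's statement refers to can be sketched as follows. This is an added example, not Samba's code or its patch: the blob layout (a 512-byte data area followed by a 4-byte little-endian length, password right-justified), the 128-character limit, the identity byte-to-UCS-2 mapping and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BLOB_DATA_LEN 512   /* assumed size of the decrypted data area */
#define PW_MAX_CHARS  128   /* assumed longest password the server accepts */

/* Widen the client-supplied password to UCS-2LE. Returns bytes written, or -1 if rejected. */
int extract_password_ucs2(const uint8_t *blob, size_t blob_len, uint8_t *out, size_t out_cap)
{
    if (blob_len != BLOB_DATA_LEN + 4)
        return -1;
    const uint8_t *l = blob + BLOB_DATA_LEN;   /* length field, fully client-controlled */
    uint32_t pw_len = l[0] | (l[1] << 8) | (l[2] << 16) | ((uint32_t)l[3] << 24);
    /* Check 1: the claimed length must fit the data area and the policy limit. */
    if (pw_len == 0 || pw_len > BLOB_DATA_LEN || pw_len > PW_MAX_CHARS)
        return -1;
    /* Check 2: widening doubles the size, so compare 2 * pw_len with the destination. */
    if ((size_t)pw_len * 2 > out_cap)
        return -1;
    const uint8_t *pw = blob + BLOB_DATA_LEN - pw_len;   /* right-justified password */
    for (uint32_t i = 0; i < pw_len; i++) {
        out[2 * i] = pw[i];       /* simplification: identity mapping, no codepage table */
        out[2 * i + 1] = 0;
    }
    return (int)(pw_len * 2);
}

/* Build a constructed blob claiming claimed_len characters and run the check on it. */
int demo_case(uint32_t claimed_len, size_t out_cap)
{
    uint8_t blob[BLOB_DATA_LEN + 4], out[2 * PW_MAX_CHARS];
    memset(blob, 'A', BLOB_DATA_LEN);
    for (int i = 0; i < 4; i++)
        blob[BLOB_DATA_LEN + i] = (uint8_t)(claimed_len >> (8 * i));
    if (out_cap > sizeof out)
        out_cap = sizeof out;     /* never overstate the real buffer size */
    return extract_password_ucs2(blob, sizeof blob, out, out_cap);
}

int main(void)
{
    printf("len 8, 16-byte dest:  %d\n", demo_case(8, 16));
    printf("len 8, 15-byte dest:  %d\n", demo_case(8, 15));
    printf("len 600 (oversized):  %d\n", demo_case(600, 256));
    return 0;
}
```

The second check is the one that is easy to miss: a length that fits the source buffer can still exceed the destination once each byte becomes two.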
Apply a patch from your vendor.
This vulnerability was discovered by Steve Langasek and Eloy Paris.
This document was written by Ian A Finlay.
20 Nov 2002
Date First Published: 13 Dec 2002
Date Last Updated: 16 May 2003