FreeBSD Information for VU#298233

Samba contains buffer overflow in SMB/CIFS packet fragment reassembly code



Vendor Statement


Hash: SHA1

FreeBSD-SN-03:01 Security Notice
The FreeBSD Project

Topic: security issue in samba ports
Announced: 2003-04-07

I. Introduction

Several ports in the FreeBSD Ports Collection are affected by security
issues. These are listed below with references and affected versions.
All versions given refer to the FreeBSD port/package version numbers.
The listed vulnerabilities are not specific to FreeBSD unless
otherwise noted.

These ports are not installed by default, nor are they ``part of
FreeBSD'' as such. The FreeBSD Ports Collection contains thousands of
third-party applications in a ready-to-install format. FreeBSD makes
no claim about the security of these third-party applications. See
<URL:> for more information about the
FreeBSD Ports Collection.

II. Ports

Port name: net/samba
Affected: versions < samba-2.2.8_2, samba-2.2.8a
Status: Fixed

Two vulnerabilities recently:

(1) Sebastian Krahmer of the SuSE Security Team identified
vulnerabilities that could lead to arbitrary code execution as root,
as well as a race condition that could allow overwriting of system
files. (This vulnerability was previously fixed in Samba 2.2.8.)

(2) Digital Defense, Inc. reports: ``This vulnerability, if exploited
correctly, leads to an anonymous user gaining root access on a Samba
serving system. All versions of Samba up to and including Samba 2.2.8
are vulnerable. Alpha versions of Samba 3.0 and above are *NOT*

<URL: >
<URL: >
<URL: >
<URL: >
<URL: >
Port name: net/samba-tng
Affected: all versions
Status: Not fixed

Some or all of the vulnerabilities affecting Samba may also affect
Samba-TNG. No confirmation or official patches are available at the
time of this security notice.

III. Upgrading Ports/Packages

To upgrade a fixed port/package, perform one of the following:

1) Upgrade your Ports Collection and rebuild and reinstall the port.
Several tools are available in the Ports Collection to make this
easier. See:

2) Deinstall the old package and install a new package obtained from

[FreeBSD 4.x, i386]

[FreeBSD 5.x, i386]

Packages are not automatically generated for other architectures at
this time.

Note that new, official packages may not be available on all mirrors
immediately. In the interim, Security Officer-generated packages (and
detached digital signatures) are available for the i386 architecture

[FreeBSD 4.x, i386]

[FreeBSD 5.x]

FreeBSD Security Notices are communications from the Security Officer
intended to inform the user community about potential security issues,
such as bugs in the third-party applications found in the Ports
Collection, which will not be addressed in a FreeBSD Security

Feedback on Security Notices is welcome at <>.
Version: GnuPG v1.2.1 (FreeBSD)


Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References



The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.