CERT-In Advisory CIAD-2007-25
Multiple vulnerabilities in Samba

Original issue date: May 16, 2007

Severity Rating: High

Systems Affected

  • Samba 3.0.0 - 3.0.25rc3
  • Samba 3.0.23d - 3.0.25pre2

Overview

Multiple vulnerabilities have been reported in Samba that could be exploited by remote attackers to execute arbitrary code on the affected system and compromise a vulnerable system with escalated privileges.

Description

1. Samba NDR heap-based buffer overflow vulnerability (CVE-2007-2446)

A heap-based buffer overflow vulnerability has been reported in Samba due to an error in NDR (Network Data Representation) parsing in smbd. A remote attacker could exploit the vulnerability by sending specially crafted MS-RPC requests that overwrite heap space with user-defined data, allowing execution of arbitrary code on the affected system.

2. Samba remote command injection vulnerability (CVE-2007-2447)

A vulnerability has been reported in Samba due to an error in filtering input passed to /bin/sh via MS-RPC. A remote attacker could exploit the vulnerability by sending a specially crafted RPC message containing shell metacharacters, which are passed to /bin/sh when Samba calls external scripts defined in the Samba configuration file, to execute arbitrary commands on the affected system.

A remote unauthenticated attacker may be able to execute arbitrary commands on the affected system. It could be exploited via remote printer and file share management with a valid user session.

3. Samba SID/Name Translation vulnerability (CVE-2007-2444)

A vulnerability has been reported in SID/Name translation functionality in smbd in Samba. This could be exploited by a local attacker to gain temporary privileges and execute SMB/CIFS protocol operations as a root user.

Solution

Apply the appropriate patch provided by the vendor, or upgrade:
http://www.samba.org/samba/security/
http://us1.samba.org/samba/download/
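
To decide whether a host needs the patch, its Samba version can be compared against the two ranges listed under Systems Affected. The following is an added example, not part of the original advisory or of Samba; it assumes the version string comes from `smbd -V` (for example "Version 3.0.24") and that Samba 3.0.x versions order as pre < rc < final < lettered release.

```python
import re

# Affected ranges exactly as listed under "Systems Affected" (inclusive bounds).
AFFECTED_RANGES = [
    ("3.0.0", "3.0.25rc3"),
    ("3.0.23d", "3.0.25pre2"),
]

# major.minor.patch, then optionally preN / rcN, or a single release letter.
_VERSION_RE = re.compile(
    r"(\d+)\.(\d+)\.(\d+)(?:(pre|rc)(\d+)|([a-z])(?![a-z]))?")


def version_key(text):
    """Turn a Samba 3.x version string into a sortable tuple.

    Assumed ordering: 3.0.25pre2 < 3.0.25rc3 < 3.0.25 < 3.0.25a < 3.0.26.
    Text before the version or a packaging suffix after it is ignored.
    """
    m = _VERSION_RE.search(text)
    if m is None:
        raise ValueError("no Samba version found in %r" % text)
    major, minor, patch = (int(g) for g in m.group(1, 2, 3))
    if m.group(4) == "pre":
        stage, n = 0, int(m.group(5))
    elif m.group(4) == "rc":
        stage, n = 1, int(m.group(5))
    elif m.group(6):
        # Lettered maintenance release: a=1, b=2, ... sorts after the final.
        stage, n = 2, ord(m.group(6)) - ord("a") + 1
    else:
        stage, n = 2, 0
    return (major, minor, patch, stage, n)


def matching_ranges(version_text):
    """Return the advisory ranges (low, high) that contain this version."""
    key = version_key(version_text)
    return [(lo, hi) for lo, hi in AFFECTED_RANGES
            if version_key(lo) <= key <= version_key(hi)]


if __name__ == "__main__":
    # Constructed sample banners in the style of `smbd -V` output.
    for banner in ("Version 3.0.24", "Version 3.0.23c",
                   "Version 3.0.25rc3", "Version 3.0.25"):
        hits = matching_ranges(banner)
        print(banner, "->", hits if hits else "not in a listed range")
```
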

Vendor Information

Samba
http://us1.samba.org/samba/security/CVE-2007-2444.html
http://us1.samba.org/samba/security/CVE-2007-2446.html
http://us1.samba.org/samba/security/CVE-2007-2447.html

References

US-CERT
http://www.kb.cert.org/vuls/id/773720
http://www.kb.cert.org/vuls/id/268336

Secunia
http://secunia.com/advisories/25232/

iDefense Labs
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=534

CVE Name
CVE-2007-2446
CVE-2007-2447
CVE-2007-2444

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003