CERT-In Advisory CIAD-2007-63
Multiple Vulnerabilities in Samba

Original issue date: November 29, 2007

Severity Rating: Medium

Systems Affected

  • Samba 2.x
  • Samba 3.x

Overview

Multiple vulnerabilities have been reported in Samba which could be exploited by a local or remote attacker to cause a denial of service or compromise the affected system.

Description

1. Buffer overflow vulnerability in Samba
(CVE-2007-5398, CWE-119)

A vulnerability has been reported in Samba due to a stack-based buffer overflow error in the "reply_netbios_packet()" function [nmbd/nmbd_packets.c] when specially crafted WINS "Name Registration" requests are sent, followed by a WINS "Name Query" request. Remote attackers could exploit this vulnerability to crash or compromise an affected application.

Successful exploitation requires that Samba is configured to run as a WINS server (the "wins support" option is enabled).

2. Samba "nmbd" buffer overflow vulnerability
(CVE-2007-4572, CWE-119)

The vulnerability is caused by a buffer overflow error in "nmbd" when processing specially crafted GETDC logon server requests. Attackers could exploit it via a malicious GETDC mailslot request to crash an affected application or execute arbitrary code.

Successful exploitation requires that Samba is configured as a Primary or Backup Domain Controller.

Solution

Apply patches or update to version 3.0.27.

Patches for version 3.0.26a:
http://us1.samba.org/samba/ftp/patche...ity/samba-3.0.26a-CVE-2007-5398.patch
http://us1.samba.org/samba/ftp/patche...ity/samba-3.0.26a-CVE-2007-4572.patch
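
A configuration check for the two preconditions in the Description and the fixed release above, as an added example that is not part of the CERT-In advisory or of Samba's code. It assumes that `domain logons = yes` marks a Primary or Backup Domain Controller, uses a constructed smb.conf sample and hypothetical function names, and cannot tell whether the 3.0.26a patches have already been applied.

```python
import re

FIXED = (3, 0, 27)                  # fixed release named in the advisory
TRUE = {"yes", "true", "on", "1"}   # boolean spellings smb.conf accepts
# Constructed sample configuration, not taken from the advisory.
SAMPLE_CONF = """\
[global]
   WINS Support = Yes
   domain logons = no
[share]
   wins support = no
"""

def parse_global(conf_text):
    """Return {normalized_name: value} for [global] parameters."""
    params, section, pending = {}, "global", ""
    for raw in conf_text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):           # trailing backslash continues the line
            pending = line[:-1]
            continue
        if not line or line[0] in "#;":   # blank line or comment
            continue
        header = re.fullmatch(r"\[(.*)\]", line)
        if header:
            section = re.sub(r"\s+", "", header.group(1)).lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            # case and whitespace in parameter names are not significant
            params[re.sub(r"\s+", "", name).lower()] = value.strip()
    return params

def version_tuple(version):
    """'3.0.26a' -> (3, 0, 26); the letter suffix is ignored."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised Samba version: {version!r}")
    return tuple(int(part) for part in m.groups())

def assess(conf_text, version):
    """List the advisory's CVEs whose stated precondition holds on this host."""
    if version_tuple(version) >= FIXED:
        return []
    g = parse_global(conf_text)
    enabled = lambda key: g.get(key, "no").lower() in TRUE
    checks = [("winssupport", "CVE-2007-5398"),    # WINS server role
              ("domainlogons", "CVE-2007-4572")]   # assumption: marks a PDC/BDC
    return [cve for key, cve in checks if enabled(key)]
```

Feeding it the output of `testparm -s` instead of the raw file also covers parameters pulled in through `include` lines.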

Vendor Information

Samba:
http://us1.samba.org/samba/history/security.html

References

Secunia
http://secunia.com/advisories/27450/

FrSirt
http://www.frsirt.com/english/advisories/2007/3869

Securityfocus
http://www.securityfocus.com/bid/26454

CVE-Name
CVE-2007-5398
CVE-2007-4572

Disclaimer

The information provided herein is on an "as is" basis, without warranty of any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003