Gerald (Jerry) Carter
2007-Nov-15 15:09 UTC
[Samba] [SECURITY] CVE-2007-4572 - GETDC mailslot processing buffer overrun in nmbd
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================ Subject: Stack buffer overflow in nmbd's logon == request processing. === CVE ID#: CVE-2007-4572 === Versions: Samba 3.0.0 - 3.0.26a (inclusive) === Summary: Processing of specially crafted GETDC == mailslot requests can result in a buffer == overrun in nmbd. It is not believed that == that this issues can be exploited to == result in remote code execution. ========================================================== ==========Description ========== Samba developers have discovered what is believed to be a non-exploitable buffer over in nmbd during the processing of GETDC logon server requests. This code is only used when the Samba server is configured as a Primary or Backup Domain Controller. =================Patch Availability ================= A patch addressing this defect has been posted to http://www.samba.org/samba/security/ Additionally, Samba 3.0.27 has been issued as a security release to correct the defect. =========Workaround ========= Samba administrators may avoid this security issue by disabling both the "domain logons" and the "domain master" options in in the server's smb.conf file. Note that this will disable all domain controller features as well. ======Credits ====== This vulnerability was discovered by Samba developers during an internal code audit. The time line is as follows: * Sep 13, 2007: Initial report to security@samba.org including proposed patch. * Sep 14, 2007: Patch review by members of the Josh Bressers (RedHat Security Team) and Simo Sorce (Samba/RedHat developer) * Nov 15, 2007: Public security advisory made available. =========================================================== Our Code, Our Bugs, Our Responsibility. == The Samba Team ========================================================= -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHPEdIIR7qMdg1EfYRAo0dAKC3m5RqVv9ZnwdbsFlvsTtBZuPPwwCg5Q22 bRcVL/Nl5oFmtnddjQlqN1k=Adhf -----END PGP SIGNATURE-----
Possibly Parallel Threads
- [SECURITY] CVE-2007-4572 - GETDC mailslot processing buffer overrun in nmbd
- GetDC got invalid response type 21
- winbind initialization: GetDC got invalid response type 21
- [SECURITY] Buffer overrun in send_mailslot()
- [SECURITY] Buffer overrun in send_mailslot()