Gerald (Jerry) Carter
2007-Nov-15 15:09 UTC
[Samba] [SECURITY] CVE-2007-5398 - Remote Code Execution in Samba's nmbd
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================ Subject: Remote code execution in Samba's WINS == server daemon (nmbd) when processing name == registration followed name query requests. === CVE ID#: CVE-2007-5398 === Versions: Samba 3.0.0 - 3.0.26a (inclusive) === Summary: When nmbd has been configured as a WINS == server, a client can send a series of name == registration request followed by a specific == name query request packet and execute == arbitrary code. ========================================================== ==========Description ========== Secunia Research reported a vulnerability that allows for the execution of arbitrary code in nmbd. This defect may only be exploited when the "wins support" parameter has been enabled in smb.conf. =================Patch Availability ================= A patch addressing this defect has been posted to http://www.samba.org/samba/security/ Additionally, Samba 3.0.27 has been issued as a security release to correct the defect. =========Workaround ========= Samba administrators may avoid this security issue by disabling the "wins support" feature in the hosts smb.conf file. ======Credits ====== This vulnerability was reported to Samba developers by Alin Rad Pop, Secunia Research. The time line is as follows: * Oct 30, 2007: Initial report to security@samba.org. * Oct 30, 2007: First response from Samba developers confirming the bug along with a proposed patch. * Nov 15, 2007: Public security advisory to be made available. =========================================================== Our Code, Our Bugs, Our Responsibility. == The Samba Team =========================================================-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHPEfSIR7qMdg1EfYRAk8AAJ4w/eUyHYYo+tBlu+0pFXsr7G7CMwCg2yco 1kzBXPCsz/WcfGAfnTdAwgg=YVMj -----END PGP SIGNATURE-----
Reasonably Related Threads
- [SECURITY] CVE-2007-5398 - Remote Code Execution in Samba's nmbd
- [SECURITY] Buffer overrun in send_mailslot()
- [SECURITY] Buffer overrun in send_mailslot()
- [SAMBA] CVE-2008-1105 - Boundary failure when parsing SMB responses
- (Fwd) [SA11578] Icecast Basic Authorization Denial of Service
Wisdom of the Ancients
