Results 1 to 2 of 2

Thread: Samba "receive_smb_raw()" Buffer Overflow Vulnerability

  1. #1
    Join Date
    Nov 2006
    Ubuntu Development Release

    Samba "receive_smb_raw()" Buffer Overflow Vulnerability

    Highly critical
    Impact: System access
    Where: From remote
    Solution Status: Vendor Patch

    The vulnerability is caused due to a boundary error within the "receive_smb_raw()" function in lib/util_sock.c when parsing SMB packets. This can be exploited to cause a heap-based buffer overflow via an overly large SMB packet received in a client context.

    Successful exploitation allows execution of arbitrary code by tricking a user into connecting to a malicious server (e.g. by clicking an "smb://" link) or by sending specially crafted packets to an "nmbd" server configured as a local or domain master browser.

    The vulnerability is confirmed in versions 3.0.28a and 3.0.29. Prior versions may also be affected.

  2. #2
    Join Date
    May 2008

    Re: Samba "receive_smb_raw()" Buffer Overflow Vulnerability

    Bump. Is an updated package being worked on or should I compile the latest version from source?


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts