Security-Alerts mailing list archive (security-alerts@yandex-team.ru)


[security-alerts] FW: [SA27760] Samba "send_mailslot()" Buffer Overflow Vulnerability



> ----------------------------------------------------------------------
>
> TITLE:
> Samba "send_mailslot()" Buffer Overflow Vulnerability
>
> SECUNIA ADVISORY ID:
> SA27760
>
> VERIFY ADVISORY:
> http://secunia.com/advisories/27760/
>
> CRITICAL:
> Moderately critical
>
> IMPACT:
> System access
>
> WHERE:
> From local network
>
> REVISION:
> 2.0 originally posted 2007-12-10
>
> SOFTWARE:
> Samba 3.x
> http://secunia.com/product/2999/
> Samba 2.x
> http://secunia.com/product/1271/
>
> DESCRIPTION:
> Secunia Research has discovered a vulnerability in Samba, which can
> be exploited by malicious people to compromise a vulnerable system.
>
> The vulnerability is caused due to a boundary error within the
> "send_mailslot()" function. This can be exploited to cause a
> stack-based buffer overflow with zero bytes via a specially crafted
> "SAMLOGON" domain logon packet containing a username string placed at
> an odd offset followed by an overly long GETDC string.
>
> Successful exploitation allows execution of arbitrary code, but
> requires that the "domain logons" option is enabled.
>
> The vulnerability is confirmed in version 3.0.27a. Prior versions may
> also be affected.
>
> SOLUTION:
> Update to version 3.0.28 or apply patch.
>
> Patch for Samba 3.0.27a:
> http://us3.samba.org/samba/ftp/patches/security/samba-3.0.27a-CVE-2007-6015.patch
>
> PROVIDED AND/OR DISCOVERED BY:
> Alin Rad Pop, Secunia Research.
>
> CHANGELOG:
> 2007-12-10: Updated "Solution" section.
>
> ORIGINAL ADVISORY:
> Secunia Research:
> http://secunia.com/secunia_research/2007-99/
>
> Samba:
> http://us3.samba.org/samba/security/CVE-2007-6015.html
>
>
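
A triage check for the two conditions the advisory gives (a release older than 3.0.28 and the "domain logons" option enabled), as an added example that is not part of the advisory or of Samba. The function names, the sample smb.conf and the sample banner are constructed. It assumes the banner is the output of `smbd -V`, does not follow `include` lines, and cannot tell whether the patch was applied to a 3.0.27a build.

```python
import re

FIXED = (3, 0, 28)                        # release the advisory names as the fix
TRUE_VALUES = {"yes", "true", "on", "1"}  # boolean spellings smb.conf accepts

# Constructed sample input, not taken from any real host.
SAMPLE_BANNER = "Version 3.0.27a"
SAMPLE_CONF = """\
# constructed smb.conf
[global]
   workgroup = EXAMPLE
   Domain Logons = Yes
[netlogon]
   path = /srv/netlogon
"""

def parse_version(banner):
    """Return (major, minor, patch); a letter suffix such as 'a' is dropped."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", banner)
    if m is None:
        raise ValueError(f"no version found in {banner!r}")
    return tuple(int(p) for p in m.groups())

def domain_logons_enabled(conf_text):
    """True if the [global] section leaves 'domain logons' switched on."""
    section = "global"   # assumption: lines before any header count as global
    enabled = False      # the option is off unless set
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        name, sep, value = line.partition("=")
        # Parameter names are matched ignoring case and embedded whitespace.
        key = "".join(name.split()).lower()
        if sep and section == "global" and key == "domainlogons":
            enabled = value.strip().lower() in TRUE_VALUES  # last one wins
    return enabled

def assess(banner, conf_text):
    """Classify a host against the advisory's two conditions."""
    if parse_version(banner) >= FIXED:
        return "fixed"
    if domain_logons_enabled(conf_text):
        return "exposed"               # old release and precondition met
    return "precondition-not-met"      # old release, domain logons off

if __name__ == "__main__":
    print(assess(SAMPLE_BANNER, SAMPLE_CONF))
```

A "precondition-not-met" result still means the host runs a release older than the fix, so it belongs on the update list.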



 




Copyright © Lexa Software, 1996-2009.