ISS X-Force Database: samba-smbcifs-smbd-bo(11550): Samba SMB/CIFS packet fragment re-assembly code buffer overflow

Samba SMB/CIFS packet fragment re-assembly code buffer overflow

samba-smbcifs-smbd-bo (11550)

High Risk

Description:

Samba is vulnerable to a buffer overflow in the SMB/CIFS packet fragment re-assembly code in the smbd daemon. A remote attacker could connect to TCP port 139 or 445 and send a specially-crafted SMB/CIFS packet to overflow a buffer to overwrite memory, and possibly execute arbitrary code on the system with root privileges.

Consequences:

Gain Access

Remedy:

Upgrade to the latest version of Samba (2.2.8 or later), available from the Samba Web site. See References.

For Debian GNU/Linux 3.0 (woody):
Upgrade to the latest samba package (2.2.3a-12.1 or later), as listed in DSA-262-1 for more information. See References.

For Red Hat Linux:
Upgrade to the latest samba package, as listed below. Refer to RHSA-2003:095-23 for more information. See References.

Red Hat 6.2: 2.0.10-1.62 or later
Red Hat 7.0: 2.0.10-1.7.0 or later
Red Hat 7.1: 2.0.10-4.7.1 or later
Red Hat 7.2: 2.2.7-2.7.2 or later
Red Hat 7.3: 2.2.7-2.7.3 or later
Red Hat 8.0: 2.2.7-4.8.0 or later
Red Hat 9: 2.2.7a-7.9.0 or later

For Gentoo Linux:
Upgrade to the latest version of sambai (2.2.8 or later), as listed in Gentoo Linux Security Announcement 200303-11. See References.

For Mandrake Linux:
Upgrade to the latest samba package (2.2.7a-8.1mdk or later), as listed in MandrakeSoft Security Advisory MDKSA-2003:032:samba. See References.

For Apple Mac OS X and Mac OS X Server:
Samba ships with Mac OS X and Mac OS X Server, but is not enabled by default. Upgrade to Security Update 2003-03-24, available at the Apple Computer, Inc. Security Updates site. See References.

For OpenPKG:
Upgrade to the latest samba package as listed below. Refer to OpenPKG Security Advisory OpenPKG-SA-2003.021 for more information. See References.

OpenPKG CURRENT: 2.2.8-20030316 or later
OpenPKG 1.0: 2.2.7a-1.2.1 or later
OpenPKG 1.1: 2.2.5-1.1.2 or later

For Trustix Secure Linux 1.1, 1.2, and 1.5:
Upgrade to the latest samba package (2.2.8-1tr or later), as listed in Trustix Secure Linux Security Advisory #2003-0011. See References.

For SuSE Linux:
Upgrade to the latest samba or samba-client package, as listed below. Refer to SuSE Security Announcement SuSE-SA:2003:016 for more information. See References.

SuSE 8.1 (Intel): 2.2.5-160 or later
SuSE 8.0 (Intel): 2.2.3a-169 or later
SuSE 7.3 (Intel): 2.2.1a-213 or later
SuSE 7.3 (Sparc): 2.2.1a-73 or later
SuSE 7.3 (PPC): 2.2.1a-147 or later
SuSE 7.2 (Intel): 2.2.0a-48 or later
SuSE 7.1 (Intel): 2.0.10-27 or later
SuSE 7.1 (AXP): 2.0.10-21 or later

For Immunix OS 6.2, 7.0, and 7+:
Upgrade to the latest version of openssl (2.0.10-2_imnx_2 or later), as listed in Immunix OS Security Advisory IMNX-2003-7+-001-01. See References.

For Conectiva Linux:
Upgrade to the latest samba package, as listed below. Refer to Connectiva Linux Security Announcement CLSA-2003:615 for more information. See References.

Conectiva Linux 6.0: 2.0.9-2U60_3cl or later
Conectiva Linux 7.0: 2.2.8-1U70_1cl or later
Conectiva Linux 8: 2.2.8-1U80_1cl or later

For FreeBSD Ports Collection:
Upgrade to the latest ports collection, as listed in FreeBSD Security Notice FreeBSD-SN-03:01. See References.

For HP-UX releases 11.0 and 11.11:
Download and install the latest smbd file (11.00 or later), as listed in Hewlett-Packard Company Security Bulletin HPSBUX0304-253. See References.

For HP-UX releases 11.22:
Upgrade to the latest version of HP CIFS/9000 Server (A.01.09.02 or later), when it becomes available from the Hewlett-Packard Company Web site. See References.

For Caldera OpenLinux 3.1.1 (Workstation and Server):
Upgrade to the latest version of samba (2.2.2-7 or later), as listed in Caldera International, Inc. Security Advisory CSSA-2003-017.0. See References.

For Sun Solaris 9:
Apply the appropriate patch for your system, as listed below. Refer to Sun Alert ID: 53581 for more information. See References.

Solaris 9 (Sparc): 114684-02 or later
Solaris 9 (Intel): 114685-02 or later

For Caldera OpenServer 5.0.5, 5.0.6, and 5.0.7:
Upgrade to the appropriate fixed binaries, as listed in SCO Security Advisory CSSA-2003-SCO.13.1. See References.

For other distributions:
Contact your vendor for upgrade or patch information.

References:

Apple Computer, Inc. Security Updates: Security Update 2003-03-24.
Caldera International, Inc. Security Advisory CSSA-2003-017.0: OpenLinux: Various serious Samba vulnerabilities.
CIAC Information Bulletin N-055: Samba smbd Buffer Overrun Vulnerability.
Conectiva Linux Security Announcement CLSA-2003:615: samba.
FreeBSD Security Notice FreeBSD-SN-03:01: security issue in samba ports. (From LinuxSecurity archive)
Gentoo Linux Security Announcement 200303-11: samba -- buffer overrun. (From LinuxSecurity archive)
Hewlett-Packard Company Web site: Welcome HP Web site.
Immunix OS Security Advisory IMNX-2003-7+-001-01: samba. (From LinuxSecurity archive)
Samba Web site: Samba - opening Windows to a wider world.
SCO Security Advisory CSSA-2003-SCO.13.1: OpenServer 5.0.5 OpenServer 5.0.6 OpenServer 5.0.7 : Samba security update available avaliable for download.. (From LinuxSecurity archive)
SGI Security Advisory 20030302-01-I: SMB/CIFS Security Vulnerability in Samba.
Sun Alert ID: 53581: Security Vulnerability in Samba(7) versions 2.2.2 through 2.2.8 May Allow Remote User Unauthorized Privileges.
Sun Alert ID: 53924: Sun Cobalt Samba Versions Earlier Than 2.2.8 May Allow Remote Unauthorized Root Privileges.
Trustix Secure Linux Security Advisory #2003-0011: samba -- Remote root compromise.
BID-7106: Samba SMB/CIFS Packet Assembling Buffer Overflow Vulnerability
CVE-2003-0085: Buffer overflow in the SMB/CIFS packet fragment re-assembly code for SMB daemon (smbd) in Samba before 2.2.8, and Samba-TNG before 0.3.1, allows remote attackers to execute arbitrary code.
DSA-262: samba -- remote exploit
MDKSA-2003:032: Updated samba packages fix remote root vulnerability
OpenPKG-SA-2003.021: Samba
RHSA-2003-095: New samba packages fix security vulnerabilities
RHSA-2003-096: samba security update
RHSA-2003-226: Updated samba packages fix security vulnerabilities
SA8299: Samba Packet Fragment Re-assembly Buffer Overflow
SUSE-SA:2003:016: samba: remote command execution

Platforms Affected:

Conectiva Linux 6.0
Conectiva Linux 7.0
Conectiva Linux 8.0
Debian Debian Linux 3.0
FreeBSD FreeBSD Ports Collection
Gentoo Linux
HP CIFS-9000 Server A.01.09
HP HP-UX 11.00
HP HP-UX 11.11
HP HP-UX 11.22
Immunix Immunix OS 6.2
Immunix Immunix OS 7+-beta
Immunix Immunix OS 7.0
MandrakeSoft Mandrake Linux 8.0 PPC
MandrakeSoft Mandrake Linux 8.0
MandrakeSoft Mandrake Linux 8.1 IA64
MandrakeSoft Mandrake Linux 8.1
MandrakeSoft Mandrake Linux 8.2
MandrakeSoft Mandrake Linux 8.2 PPC
MandrakeSoft Mandrake Linux 9.0
MandrakeSoft Mandrake Linux Corporate Server 2.1
MandrakeSoft Mandrake Multi Network Firewall 8.2
Novell SuSE Linux Enterprise Server 7.0
OpenPKG OpenPKG 1.1
OpenPKG OpenPKG 1.2
OpenPKG OpenPKG CURRENT
RedHat Enterprise Linux 2.1 AS
RedHat Enterprise Linux 2.1 ES
RedHat Enterprise Linux 2.1 WS
RedHat Linux 6.2
RedHat Linux 7
RedHat Linux 7.1
RedHat Linux 7.1 for iSeries
RedHat Linux 7.1 for pSeries
RedHat Linux 7.2
RedHat Linux 7.3
RedHat Linux 8.0
RedHat Linux 9.0
RedHat Linux Advanced Workstation 2.1 Itanium
Samba Samba 2.0.0
Samba Samba 2.0.1
Samba Samba 2.0.10
Samba Samba 2.0.2
Samba Samba 2.0.3
Samba Samba 2.0.4
Samba Samba 2.0.5
Samba Samba 2.0.6
Samba Samba 2.0.7
Samba Samba 2.0.8
Samba Samba 2.0.9
Samba Samba 2.2.0
Samba Samba 2.2.0a
Samba Samba 2.2.1a
Samba Samba 2.2.2
Samba Samba 2.2.3
Samba Samba 2.2.3a
Samba Samba 2.2.4
Samba Samba 2.2.5
Samba Samba 2.2.6
Samba Samba 2.2.7
Samba Samba 2.2.7a
SCO Caldera OpenLinux Server 3.1.1
SCO Caldera OpenLinux Workstation 3.1.1
SCO Caldera OpenServer 5.0.5
SCO Caldera OpenServer 5.0.6
SCO Caldera OpenServer 5.0.7
SGI IRIX 6.5
SGI IRIX 6.5 20
SGI IRIX 6.5.1
SGI IRIX 6.5.10
SGI IRIX 6.5.10f
SGI IRIX 6.5.10m
SGI IRIX 6.5.11
SGI IRIX 6.5.11f
SGI IRIX 6.5.11m
SGI IRIX 6.5.12
SGI IRIX 6.5.12f
SGI IRIX 6.5.12m
SGI IRIX 6.5.13
SGI IRIX 6.5.13f
SGI IRIX 6.5.13m
SGI IRIX 6.5.14
SGI IRIX 6.5.14f
SGI IRIX 6.5.14m
SGI IRIX 6.5.15
SGI IRIX 6.5.15f
SGI IRIX 6.5.15m
SGI IRIX 6.5.16
SGI IRIX 6.5.16f
SGI IRIX 6.5.16m
SGI IRIX 6.5.17
SGI IRIX 6.5.17f
SGI IRIX 6.5.17m
SGI IRIX 6.5.18
SGI IRIX 6.5.18f
SGI IRIX 6.5.18m
SGI IRIX 6.5.19
SGI IRIX 6.5.19f
SGI IRIX 6.5.19m
SGI IRIX 6.5.2
SGI IRIX 6.5.20
SGI IRIX 6.5.20f
SGI IRIX 6.5.20m
SGI IRIX 6.5.21
SGI IRIX 6.5.21f
SGI IRIX 6.5.21m
SGI IRIX 6.5.22
SGI IRIX 6.5.22m
SGI IRIX 6.5.23
SGI IRIX 6.5.23m
SGI IRIX 6.5.24
SGI IRIX 6.5.24m
SGI IRIX 6.5.25
SGI IRIX 6.5.26
SGI IRIX 6.5.27
SGI IRIX 6.5.28
SGI IRIX 6.5.2f
SGI IRIX 6.5.2m
SGI IRIX 6.5.3
SGI IRIX 6.5.3f
SGI IRIX 6.5.3m
SGI IRIX 6.5.4
SGI IRIX 6.5.4f
SGI IRIX 6.5.4m
SGI IRIX 6.5.5
SGI IRIX 6.5.5f
SGI IRIX 6.5.5m
SGI IRIX 6.5.6
SGI IRIX 6.5.6f
SGI IRIX 6.5.6m
SGI IRIX 6.5.7
SGI IRIX 6.5.7f
SGI IRIX 6.5.7m
SGI IRIX 6.5.8
SGI IRIX 6.5.8f
SGI IRIX 6.5.8m
SGI IRIX 6.5.9
SGI IRIX 6.5.9f
SGI IRIX 6.5.9m
Sun Cobalt Qube 3
Sun Cobalt RaQ 4
Sun Cobalt RaQ 550
Sun Cobalt RaQ XTR
Sun Linux 5.0
Sun Solaris 9
SuSE Linux Enterprise Server 8
SuSE SuSE eMail Server 3.1
SuSE SuSE eMail Server III
SUSE SuSE Linux 7.1
SUSE SuSE Linux 7.2
SUSE SuSE Linux 7.3
SUSE SuSE Linux 8.0
SUSE SuSE Linux 8.1
SuSE SuSE Linux Connectivity Server
SuSE SuSE Linux Database Server
SuSE SuSE Linux Firewall
SuSE SuSE Linux Office Server
Trustix Secure Linux 1.01
Trustix Secure Linux 1.1
Trustix Secure Linux 1.2
Trustix Secure Linux 1.5

Reported:

Mar 14, 2003

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page