Samba ms_fnmatch denial of service

samba-msfnmatch-dos (17987)

Low Risk

Description:

Samba is vulnerable to a denial of service attack, caused by a vulnerability in the ms_fnmatch function. By sending multiple specially-crafted commands to the vulnerable server, a remote authenticated attacker could consume 100% of the available CPU resources.

Platforms Affected:

• Canonical, Ubuntu 4.10
• Conectiva, Linux 10
• FedoraProject, Fedora Core 2
• FedoraProject, Fedora Core 3
• Gentoo, Linux
• MandrakeSoft, Mandrake Linux 10.0 AMD64
• MandrakeSoft, Mandrake Linux 10.0
• MandrakeSoft, Mandrake Linux 10.1
• MandrakeSoft, Mandrake Linux 10.1 X86_64
• Novell, Linux Desktop 9
• OpenPKG, OpenPKG 2.1
• OpenPKG, OpenPKG 2.2
• OpenPKG, OpenPKG CURRENT
• RedHat, Enterprise Linux 2.1 WS
• RedHat, Enterprise Linux 2.1 AS
• RedHat, Enterprise Linux 2.1 ES
• RedHat, Enterprise Linux 3 WS
• RedHat, Enterprise Linux 3 ES
• RedHat, Enterprise Linux 3 AS
• RedHat, Enterprise Linux 3 Desktop
• RedHat, Linux Advanced Workstation 2.1 Itanium
• Samba, Samba 3.0.4
• Samba, Samba 3.0.7
• SCO, SCO UnixWare 7.1.4
• SuSE, Linux Enterprise Server 9
• SuSE, SuSE Linux 9.1
• SuSE, SuSE Linux 9.2
• Turbolinux, Turbolinux 10 Server

Remedy:

For Samba 3.0.7:
Apply the CAN-2004-0930 patch, available from the iDEFENSE Security Advisory 11.08.04. See References.

For Ubuntu Linux:
Upgrade to the latest samba version (3.0.7-1ubuntu6.1 or later), as listed in Ubuntu Security USN-22-1 November 10, 2004. See References.

For Mandrake Linux:
Upgrade to the latest samba package, as listed below. Refer to MandrakeSoft Security Advisory MDKSA-2004:131 for more information. See References.

Mandrake Linux 10.1: 3.0.7-2.1.101mdk or later
Mandrake Linux 10.0: 3.0.6-4.2.100mdk or later

For Gentoo Linux:
Upgrade to the latest version of samba (3.0.8, < 3.0 or later), as listed in GLSA 200411-21. See References.

For SuSE Linux:
Upgrade to the latest Samba package, as listed below. Refer to SuSE Security Announcement SuSE-SUSE-SA:2004:040 for more information. See References.

SuSE Linux 9.1: 3.0.7-5.2 or later
SuSE Linux 9.2: 3.0.4-1.34.3 or later

For Red Hat Linux:
Upgrade to the latest samba package, as listed below. Refer to RHSA-2004:632-17 for more information. See References.

Red Hat Enterprise Linux AS (v. 2.1), ES (v. 2.1), WS (v. 2.1), and Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor: 2.2.12-1.21as.1 or later
Red Hat Enterprise Linux AS (v. 3), ES (v. 3), WS (v. 3), Desktop: 3.0.7-1.3E.1.x86_64 or later

For Conectiva Linux:
Upgrade to the latest samba package, as listed below. Refer to Conectiva Linux Security Announcement CLSA-2004:899 for more information. See References.

Conectiva Linux 10.0: 3.0.7-62749U10_6cl or later

For Fedora Core 3:
Upgrade to the latest samba package (3.0.9-1.fc3 or later), as listed in Fedora Update Notification FEDORA-2004-460. See References.

For TurboLinux:
Upgrade to the latest samba package, as listed below. Refer to TurboLinux Security Advisory TLSA-2004-32 for more information. See References.

TurboLinux 10 Server: 3.0.6-9 or later

For SCO UnixWare 7.1.4:
Upgrade to the appropriate fixed binaries, as listed in SCO Security Advisory SCOSA-2005.17. See References.

For OpenPKG:
Refer to OpenPKG Security Advisory OpenPKG-SA-2004.054 for patch, upgrade, or suggested workaround information. See References.

For other distributions:
Contact your vendor for upgrade or patch information.

Consequences:

Denial of Service

References:

• BugTraq Mailing List, Mon Nov 08 2004 - 11:45:02 CST , [SECURITY] CAN-2004-0930: Potential Remote Denial of Service Vulnerability in Samba 3.0.x <= 3.0.7 at http://archives.neohapsis.com/archives/bugtraq/2004-11/0090.html.
• CIAC Information Bulletin P-038, Samba Vulnerabilities at http://www.ciac.org/ciac/bulletins/p-038.shtml.
• Conectiva Linux Security Announcement CLSA-2004:899, Fix for Samba's denial of service vulnerability at http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000899.
• Fedora Update Notification FEDORA-2004-459, samba-3.0.9-1.fc2 update at http://www.linuxsecurity.com/content/view/106941/102/.
• Fedora Update Notification FEDORA-2004-460, samba-3.0.9-1.fc3 update at http://www.linuxsecurity.com/content/view/106942/102/.
• iDEFENSE Security Advisory 11.08.04, Samba SMBD Remote Denial of Service Vulnerability at http://www.idefense.com/application/poi/display?id=156&type=vulnerabilities.
• SCO Security Advisory SCOSA-2005.17, UnixWare 7.1.4 : Samba multiple security issues at ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.17/SCOSA-2005.17.txt.
• BID-11624: Samba Remote Wild Card Denial Of Service Vulnerability
• CVE-2004-0930: The ms_fnmatch function in Samba 3.0.4 and 3.0.7 and possibly other versions allows remote authenticated users to cause a denial of service (CPU consumption) via a SAMBA request that contains multiple * (wildcard) characters.
• GLSA-200411-21: Samba: Multiple vulnerabilities
• MDKSA-2004:131: Updated samba packages fix DoS vulnerability
• OpenPKG-SA-2004.054: Samba
• RHSA-2004-632: samba security update
• SUSE-SA:2004:040: samba: remote denial of service

Reported:

Nov 08, 2004

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page