Samba SMB password buffer overflow
| nt-samba-bo (337) |  High Risk |
Description:
Samba NetBIOS is vulnerable to a buffer overflow attack. By submitting a specially formatted password that exceeds the length expected by Samba, an attacker can overflow a buffer and cause the server to execute arbitrary code on the system with root privileges. In order for an attacker to do this, a valid SMB session must be negotiated and a valid username must be used.
Consequences:
Gain Access
Remedy:
Upgrade to the latest version of Samba (2.0.7 or later), available from the Samba Web site. See References.
For Caldera OpenLinux Base 1.1, Lite 1.1 and Standard 1.1:
Upgrade to the latest samba package (1.9.16p7-1 or later) as listed in Caldera Systems, Inc. Security Advisory SA-1997.24. See References.
— OR —
Upgrade to the lastest version of Samba (1.9.17p2 or later), as listed in CERT Vendor-Initiated Bulletin 97.10. See References.
For other distributions:
Contact your vendor for upgrade or patch information.
References:
- Caldera International, Inc. Security Advisory SA-1997.24: Vulnerability in the Samba package.
- CIAC Information Bulletin H-110: Samba Servers Vulnerability.
- NCNU CERT Vendor-Initiated Bulletin VB-97.10: Security bugfix for Samba.
- Samba Project Web site: SAMBA Web Pages.
- BID-1816: SAMBA Long Password Buffer Overflow Vulnerability
- CVE-1999-0182: Samba has a buffer overflow which allows a remote attacker to obtain root access by specifying a long password.
Platforms Affected:
- Apple Mac OS
- Cisco IOS
- Compaq Tru64
- Data General DG/UX
- IBM AIX
- IBM OS2
- Linux Kernel
- Microsoft Windows 2000
- Microsoft Windows 2003 Server
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows Me
- Microsoft Windows NT 4.0
- Microsoft Windows XP
- Novell NetWare
- Samba Samba
- SCO Caldera OpenLinux Base 1.1
- SCO Caldera OpenLinux Lite 1.1
- SCO Caldera OpenLinux Standard 1.1
- SCO SCO Unix
- SGI IRIX
- Sun Solaris
- WindRiver BSDOS
- HP-UX
Reported:
Sep 01, 1997
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net