Samba SMB password buffer overflow
nt-samba-bo (337)
Description:
Samba NetBIOS is vulnerable to a buffer overflow attack. By submitting a specially formatted password that exceeds the length expected by Samba, an attacker can overflow a buffer and cause the server to execute arbitrary code on the system with root privileges. In order for an attacker to do this, a valid SMB session must be negotiated and a valid username must be used.
Platforms Affected:
- Apple, Mac OS
- Cisco, IOS
- Compaq, Tru64
- Data General, DG/UX
- HP, HP-UX
- IBM, AIX
- IBM, OS2
- Linux, Kernel
- Microsoft, Windows 2000
- Microsoft, Windows 2003 Server
- Microsoft, Windows 95
- Microsoft, Windows 98
- Microsoft, Windows 98SE
- Microsoft, Windows Me
- Microsoft, Windows NT 4.0
- Microsoft, Windows XP
- Novell, NetWare
- Samba, Samba
- SCO, Caldera OpenLinux Base 1.1
- SCO, Caldera OpenLinux Lite 1.1
- SCO, Caldera OpenLinux Standard 1.1
- SCO, SCO Unix
- SGI, IRIX
- Sun, Solaris
- WindRiver, BSDOS
Remedy:
Upgrade to the latest version of Samba (2.0.7 or later), available from the Samba Web site. See References.
For Caldera OpenLinux Base 1.1, Lite 1.1 and Standard 1.1:
Upgrade to the latest samba package (1.9.16p7-1 or later) as listed in Caldera Systems, Inc. Security Advisory SA-1997.24. See References.
— OR —
Upgrade to the latest version of Samba (1.9.17p2 or later), as listed in CERT Vendor-Initiated Bulletin 97.10. See References.
For other distributions:
Contact your vendor for upgrade or patch information.
Consequences:
Gain Access
References:
- Caldera International, Inc. Security Advisory SA-1997.24, Vulnerability in the Samba package at ftp://ftp.caldera.com/pub/security/OpenLinux/SA-1997.24.txt.
- CIAC Information Bulletin H-110, Samba Servers Vulnerability at http://ciac.llnl.gov/ciac/bulletins/h-110.shtml.
- NCNU CERT Vendor-Initiated Bulletin VB-97.10, Security bugfix for Samba at http://ftp.ncnu.edu.tw/Documentation/documents/cert/cert_bulletins/VB-97.10.samba.
- Samba Project Web site, SAMBA Web Pages at http://www.samba.org/.
- BID-1816: SAMBA Long Password Buffer Overflow Vulnerability
- CVE-1999-0182: Samba has a buffer overflow which allows a remote attacker to obtain root access by specifying a long password.
Reported:
Sep 01, 1997
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
