FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

samba -- buffer overflow vulnerability

Affected packages
ja-samba < 3.0.28
*,1 < ja-samba < 3.0.28,1
samba < 3.0.28
*,1 < samba < 3.0.28,1
samba3 < 3.0.28
*,1 < samba3 < 3.0.28,1

Details

VuXML ID ffcbd42d-a8c5-11dc-bec2-02e0185f8d72
Discovery 2007-12-10
Entry 2007-12-12
Modified 2008-09-26

Secuna Research reports:

Secunia Research has discovered a vulnerability in Samba, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error within the "send_mailslot()" function. This can be exploited to cause a stack-based buffer overflow with zero bytes via a specially crafted "SAMLOGON" domain logon packet containing a username string placed at an odd offset followed by an overly long GETDC string. Successful exploitation allows execution of arbitrary code, but requires that the "domain logons" option is enabled.

[source]

References

CVE Name CVE-2007-6015
URL http://secunia.com/advisories/27760/

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.