|
Samba Two Buffer Overflow Vulnerabilities
|
|
Secunia Advisory:
|
SA12130
|
|
|
Release Date:
|
2004-07-23
|
|
Popularity:
|
14,067 views
|
|
|
Critical:
|
Moderately critical
|
|
Impact:
|
System access
|
|
Where:
|
From local network
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | Samba 2.x
Samba 3.x
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities 
|
|
| CVE reference: | CVE-2004-0600
CVE-2004-0686
|
|
Description:
Two vulnerabilities have been reported in Samba, potentially allowing malicious people to compromise a vulnerability system.
1) The vulnerability is caused due to a boundary error when decoding base64 data during HTTP basic authentication. This can potentially be exploited to cause a buffer overflow.
2) The vulnerability is caused due to a boundary error in the code used to handle "mangling method = hash". This can potentially be exploited to cause a buffer overflow.
The default setting in Samba 3 and later is "mangling method = hash2". A default installation of Samba 3 is therefore not vulnerable to issue 2.
Issue 1 affects Samba 3.0.2 to 3.0.4.
Issue 2 affects Samba 3.0.0 to 3.0.4 and Samba 2.2.9 and prior.
Solution:
Both issues have been fixed in Samba version 3.0.5 and issue 2 has been fixed in Samba version 2.2.10.
http://us2.samba.org/samba/ftp/
Provided and/or discovered by:
Issue 1 discovered by Evgeny Demidov.
Original Advisory:
http://www.samba.org/samba/whatsnew/samba-3.0.5.html
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
