|
Samba Two Buffer Overflow Vulnerabilities
|
|
Secunia Advisory:
|
SA12130
|
|
|
Release Date:
|
2004-07-23
|
|
Popularity:
|
15,769 views
|
|
|
Critical:
|
Moderately critical
|
|
Impact:
|
System access
|
|
Where:
|
From local network
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | Samba 2.x
Samba 3.x
|
|
|
Secunia CVSS-2 Score:
|
Available in Secunia business solutions 
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities
|
|
| Advisory Content (Page 1 of 3) | [ 1 ] [ 2 ] [ 3 ] | |
|
Description:
Two vulnerabilities have been reported in Samba, potentially allowing malicious people to compromise a vulnerability system.
1) The vulnerability is caused due to a boundary error when decoding base64 data during HTTP basic authentication. This can potentially be exploited to cause a buffer overflow.
2) The vulnerability is caused due to a boundary error in the code used to handle "mangling method = hash". This can potentially be exploited to cause a buffer overflow.
The default setting in Samba 3 and later is "mangling method = hash2". A default installation of Samba 3 is therefore not vulnerable to issue 2.
Issue 1 affects Samba 3.0.2 to 3.0.4.
Issue 2 affects Samba 3.0.0 to 3.0.4 and Samba 2.2.9 and prior.
Change Page:
[ 1 ] [ 2 ] [ 3 ]
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
