Samba Denial of Service and Format String Vulnerability

Posted on Tuesday, February 06, 2007 @ 05:52:21 PST in Security
by Raven

SECUNIA ADVISORY ID: SA24046

VERIFY ADVISORY: http://secunia.com/advisories/24046/

CRITICAL: Moderately critical

IMPACT: DoS, System access

SOFTWARE: Samba 3.x - http://secunia.com/product/2999/

DESCRIPTION: Some vulnerabilities have been reported in Samba, which can be exploited by malicious users to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.


1) Under certain conditions, smbd fails to remove requests from the deferred file open queue. This can be exploited to cause a DoS due to heavy resource usage by triggering an infinite loop when renaming a file under special circumstances.

2) Samba uses filenames as format string parameter in a call to "sprintf()" when setting Windows NT Access Control Lists using the afsacl.so VFS plugin. This can potentially be exploited to execute arbitrary code.

Successful exploitation requires that an AFS file system is shared to CIFS clients using the afsacl.so VFS module and that the attacker has write access to the share.

SOLUTION: Update to version 3.0.24.

PROVIDED AND/OR DISCOVERED BY:
1) Reported by the vendor.
2) The vendor credits zybadawg333.

ORIGINAL ADVISORY:
http://us1.samba.org/samba/security/CVE-2007-0452.html
http://us1.samba.org/samba/security/CVE-2007-0454.html
 
 
click Related        click Share
 
News ©

Site Info v2.2.2

Last SeenLast Seen
Server TrafficServer Traffic
  • Total: 346,286,992
  • Today: 25,380
Server InfoServer Info
  • Jan 20, 2018
  • 03:14 pm PST
 
 

Daily Inspiration