samba-nmbdexec.txt

samba-nmbdexec.txt: Posted Nov 16, 2007; Site samba.org; Secunia Research reported a vulnerability that allows for the execution of arbitrary code in nmbd. This defect may only be exploited when the "wins support" parameter has been enabled in smb.conf. Samba versions 3.0.0 through 3.0.26a are affected.; tags | advisory, arbitrary; advisories | CVE-2007-5398; SHA-256 | 7a6aaa8cc3ce4cf137b54f1d068c43453788e1a7634e15e4e06912ccca08983b; Download | Favorite | View

samba-nmbdexec.txt

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

==========================================================
==
== Subject:     Remote code execution in Samba's WINS
==              server daemon (nmbd) when processing name
==              registration followed name query requests.
==
== CVE ID#:     CVE-2007-5398
==
== Versions:    Samba 3.0.0 - 3.0.26a (inclusive)
==
== Summary:     When nmbd has been configured as a WINS
==              server, a client can send a series of name
==              registration request followed by a specific
==              name query request packet and execute
==              arbitrary code.
==
==========================================================

===========
Description
===========

Secunia Research reported a vulnerability that allows for
the execution of arbitrary code in nmbd.  This defect may
only be exploited when the "wins support" parameter has
been enabled in smb.conf.


==================
Patch Availability
==================

A patch addressing this defect has been posted to

  http://www.samba.org/samba/security/

Additionally, Samba 3.0.27 has been issued as a security
release to correct the defect.


==========
Workaround
==========

Samba administrators may avoid this security issue by
disabling the "wins support" feature in the hosts smb.conf
file.


=======
Credits
=======

This vulnerability was reported to Samba developers by
Alin Rad Pop, Secunia Research.

The time line is as follows:

* Oct 30, 2007: Initial report to security@samba.org.
* Oct 30, 2007: First response from Samba developers confirming
  the bug along with a proposed patch.
* Nov 15, 2007: Public security advisory to be made available.


==========================================================
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
==========================================================
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHPEe6IR7qMdg1EfYRAqoAAJsHFk1kScYHweqRny4PP4ngQaFo7QCdElle
Cv+e7K/AE69rXcmeU67jHzQ=
=9Wap
-----END PGP SIGNATURE-----

Top Authors In Last 30 Days

Red Hat 419 files
Ubuntu 107 files
Debian 30 files
Rahad Chowdhury 21 files
BugsBD Limited 21 files
Gentoo 18 files
tmrswrr 12 files
Google Security Research 7 files
Ph0s 5 files
R0ckE7 5 files

File Archives

Systems

AIX (429)
Apple (2,037)
BSD (375)
CentOS (57)
Cisco (1,926)
Debian (6,914)
Fedora (1,692)
FreeBSD (1,246)
Gentoo (4,379)
HPUX (880)
iOS (363)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (47,896)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (486)
RedHat (14,654)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,152)
UNIX (9,340)
UnixWare (187)
Windows (6,609)
Other

samba-nmbdexec.txt

samba-nmbdexec.txt

File Archive:

December 2023

Top Authors In Last 30 Days

File Tags

File Archives

Systems

samba-nmbdexec.txt

Share This

samba-nmbdexec.txt

File Archive:

December 2023

Top Authors In Last 30 Days

File Tags

File Archives

Systems