CVE-2007-4572

Status Candidate

Overview

Stack-based buffer overflow in nmbd in Samba 3.0.0 through 3.0.26a, when configured as a Primary or Backup Domain controller, allows remote attackers to have an unknown impact via crafted GETDC mailslot requests, related to handling of GETDC logon server requests.

Related Files

Ubuntu Security Notice 617-2
Posted Jul 1, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 617-2 - USN-617-1 fixed vulnerabilities in Samba. The upstream patch introduced a regression where under certain circumstances accessing large files might cause the client to report an invalid packet length error. This update fixes the problem. Samba developers discovered that nmbd could be made to overrun a buffer during the processing of GETDC logon server requests. When samba is configured as a Primary or Backup Domain Controller, a remote attacker could send malicious logon requests and possibly cause a denial of service. Alin Rad Pop of Secunia Research discovered that Samba did not properly perform bounds checking when parsing SMB replies. A remote attacker could send crafted SMB packets and execute arbitrary code.

tags | advisory, remote, denial of service, overflow, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2008-1105, CVE-2007-4572
MD5 | 1a96557d0ecb7fc857c3b1519608d098
HP Security Bulletin 2008-00.75
Posted Jun 28, 2008
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - Potential security vulnerabilities have been identified with HP-UX running HP CIFS Server (Samba). The vulnerabilities could be exploited remotely to execute arbitrary code.

tags | advisory, arbitrary, vulnerability
systems | hpux
advisories | CVE-2007-4572, CVE-2007-5398, CVE-2007-6015, CVE-2008-1105
MD5 | 6062acd3e10bdd7f313d85a01264ff04
Ubuntu Security Notice 617-1
Posted Jun 18, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 617-1 - Samba developers discovered that nmbd could be made to overrun a buffer during the processing of GETDC logon server requests. When samba is configured as a Primary or Backup Domain Controller, a remote attacker could send malicious logon requests and possibly cause a denial of service. Alin Rad Pop of Secunia Research discovered that Samba did not properly perform bounds checking when parsing SMB replies. A remote attacker could send crafted SMB packets and execute arbitrary code.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, ubuntu
advisories | CVE-2007-4572, CVE-2008-1105
MD5 | aa534b412941f7c7ac477625b6203640
HP Security Bulletin 2007-14.95
Posted Mar 13, 2008
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running HP CIFS Server (Samba). The vulnerability could be exploited remotely to execute arbitrary code.

tags | advisory, arbitrary
systems | hpux
advisories | CVE-2007-4572, CVE-2007-5398, CVE-2007-6015
MD5 | ce71fdcaa53d0b48c9b5b3619b1f003c
VMware Security Advisory 2008-0001.1
Posted Jan 24, 2008
Authored by VMware | Site vmware.com

VMware Security Advisory - There is an OpenPegasus PAM authentication buffer overflow and updated service console packages are available.

tags | advisory, overflow
advisories | CVE-2007-5360, CVE-2007-5398, CVE-2007-4572, CVE-2007-5191, CVE-2007-5116, CVE-2007-3108, CVE-2007-5135
MD5 | 32513e301c91fd38b9f8ec6889e3cd68
VMware Security Advisory 2008-0001
Posted Jan 8, 2008
Authored by VMware | Site vmware.com

VMware Security Advisory - Alexander Sotirov from VMware Security Research discovered a buffer overflow vulnerability in the OpenPegasus Management server. Additionally, various service console packages have been updated.

tags | advisory, overflow
advisories | CVE-2007-5360, CVE-2007-5398, CVE-2007-4572, CVE-2007-5191, CVE-2007-5116, CVE-2007-3108, CVE-2007-5135
MD5 | 1df09e78239ba4cc4fd6cebba03a8ad0
SUSE-SA-2007-065.txt
Posted Dec 7, 2007
Site suse.com

SUSE Security Announcement - Secunia Research has reported a bug in function reply_netbios_packet() that allowed remote attackers to execute arbitrary code by sending specially crafted WINS "Name Registration" requests followed by a WINS "Name Query" request packet. The exploitable code in samba can only be reached if the option "wins support" was enabled. Another bug reported by Secunia Research affected the processing of GETDC mailslot request in nmbd. This error can also be exploited remotely to execute arbitrary code, but only if samba was configured as Primary or Backup Domain Controller.

tags | advisory, remote, arbitrary
systems | linux, suse
advisories | CVE-2007-4572, CVE-2007-5398
MD5 | bf30e29987d3f708bc1c72c9e184b784
Mandriva Linux Security Advisory 2007.224
Posted Nov 30, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - The samba developers discovered that nmbd could be made to overrun a buffer during the processing of GETDC logon server requests. If samba is configured as a Primary or Backup Domain Controller, this could be used by a remote attacker to send malicious logon requests and possibly cause a denial of service. As well, Alin Rad Pop of Secunia Research found that nmbd did not properly check the length of netbios packets. If samba is configured as a WINS server, this could be used by a remote attacker able to send multiple crafted requests to nmbd, resulting in the execution of arbitrary code with root privileges. This update corrects all known regressions with previous Samba updates due to the security fixes to correct CVE-2007-4572.

tags | advisory, remote, denial of service, overflow, arbitrary, root
systems | linux, mandriva
advisories | CVE-2007-5398, CVE-2007-4572
MD5 | 35c3dfda88c38965355ccbfee1082a66
Debian Linux Security Advisory 1409-3
Posted Nov 30, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1409-3 - This update fixes all currently known regressions introduced with the previous two revisions of DSA-1409. Several local/remote vulnerabilities have been discovered in samba, a LanManager-like file and printer server for Unix. Alin Rad Pop of Secunia Research discovered that nmbd did not properly check the length of netbios packets. When samba is configured as a WINS server, a remote attacker could send multiple crafted requests resulting in the execution of arbitrary code with root privileges. Samba developers discovered that nmbd could be made to overrun a buffer during the processing of GETDC logon server requests. When samba is configured as a Primary or Backup Domain Controller, a remote attacker could send malicious logon requests and possibly cause a denial of service.

tags | advisory, remote, denial of service, overflow, arbitrary, local, root, vulnerability
systems | linux, unix, debian
advisories | CVE-2007-5398, CVE-2007-4572
MD5 | 35eb85ee31049d6fb7c6321f9ecc5f02
Debian Linux Security Advisory 1409-2
Posted Nov 27, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1409-2 - The previous security update for samba introduced regressions in the handling of the deprecated filesystem smbfs. This update fixes the regression(s) whilst still fixing the security problems. Several local/remote vulnerabilities have been discovered in samba, a LanManager-like file and printer server for Unix. Alin Rad Pop of Secunia Research discovered that nmbd did not properly check the length of netbios packets. When samba is configured as a WINS server, a remote attacker could send multiple crafted requests resulting in the execution of arbitrary code with root privileges. Samba developers discovered that nmbd could be made to overrun a buffer during the processing of GETDC logon server requests. When samba is configured as a Primary or Backup Domain Controller, a remote attacker could send malicious logon requests and possibly cause a denial of service.

tags | advisory, remote, denial of service, overflow, arbitrary, local, root, vulnerability
systems | linux, unix, debian
advisories | CVE-2007-5398, CVE-2007-4572
MD5 | c61953cd66f9d45ae2767f3433a17404
Mandriva Linux Security Advisory 2007.224
Posted Nov 27, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - The samba developers discovered that nmbd could be made to overrun a buffer during the processing of GETDC logon server requests. If samba is configured as a Primary or Backup Domain Controller, this could be used by a remote attacker to send malicious logon requests and possibly cause a denial of service. As well, Alin Rad Pop of Secunia Research found that nmbd did not properly check the length of netbios packets. If samba is configured as a WINS server, this could be used by a remote attacker able to send multiple crafted requests to nmbd, resulting in the execution of arbitrary code with root privileges. The update packages on Corporate Server 4.0 resulted in the nmbd daemon crashing at startup. This update provides a newer version of samba (3.0.23d) that does not exhibit this behaviour.

tags | advisory, remote, denial of service, overflow, arbitrary, root
systems | linux, mandriva
advisories | CVE-2007-5398, CVE-2007-4572
MD5 | af94122a03abb9e752f705e053cd564a
Debian Linux Security Advisory 1409-1
Posted Nov 27, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1409-1 - Several local/remote vulnerabilities have been discovered in samba, a LanManager-like file and printer server for Unix. Alin Rad Pop of Secunia Research discovered that nmbd did not properly check the length of netbios packets. When samba is configured as a WINS server, a remote attacker could send multiple crafted requests resulting in the execution of arbitrary code with root privileges. Samba developers discovered that nmbd could be made to overrun a buffer during the processing of GETDC logon server requests. When samba is configured as a Primary or Backup Domain Controller, a remote attacker could send malicious logon requests and possibly cause a denial of service.

tags | advisory, remote, denial of service, overflow, arbitrary, local, root, vulnerability
systems | linux, unix, debian
advisories | CVE-2007-5398, CVE-2007-4572
MD5 | 01a6d1c5ccb32c0ac079aa4a9191785c
Mandriva Linux Security Advisory 2007.224
Posted Nov 26, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - The samba developers discovered that nmbd could be made to overrun a buffer during the processing of GETDC logon server requests. If samba is configured as a Primary or Backup Domain Controller, this could be used by a remote attacker to send malicious logon requests and possibly cause a denial of service. As well, Alin Rad Pop of Secunia Research found that nmbd did not properly check the length of netbios packets. If samba is configured as a WINS server, this could be used by a remote attacker able to send multiple crafted requests to nmbd, resulting in the execution of arbitrary code with root privileges. The patch that fixed CVE-2007-4572 introduced a regression that would prevent shares from being mounted properly and would cause the remote (patched) smbd to crash. This update contains another fix from upstream to correct the problem.

tags | advisory, remote, denial of service, overflow, arbitrary, root
systems | linux, mandriva
advisories | CVE-2007-5398, CVE-2007-4572
MD5 | 1fda8ef98ab122a72043e22e01082e10
Gentoo Linux Security Advisory 200711-29
Posted Nov 26, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200711-29 - Two vulnerabilities have been reported in nmbd. Alin Rad Pop (Secunia Research) discovered a boundary checking error in the reply_netbios_packet() function which could lead to a stack-based buffer overflow. The Samba developers discovered a boundary error when processing GETDC logon requests also leading to a buffer overflow. Versions less than 3.0.26a-r2 are affected.

tags | advisory, overflow, vulnerability
systems | linux, gentoo
advisories | CVE-2007-4572, CVE-2007-5398
MD5 | 59576880c4488e87c92b0899e49e96d3
Mandriva Linux Security Advisory 2007.224
Posted Nov 26, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - The samba developers discovered that nmbd could be made to overrun a buffer during the processing of GETDC logon server requests. If samba is configured as a Primary or Backup Domain Controller, this could be used by a remote attacker to send malicious logon requests and possibly cause a denial of service. As well, Alin Rad Pop of Secunia Research found that nmbd did not properly check the length of netbios packets. If samba is configured as a WINS server, this could be used by a remote attacker able to send multiple crafted requests to nmbd, resulting in the execution of arbitrary code with root privileges.

tags | advisory, remote, denial of service, overflow, arbitrary, root
systems | linux, mandriva
advisories | CVE-2007-5398, CVE-2007-4572
MD5 | c32c1a151a0949b55ac1568072ffec25
Ubuntu Security Notice 544-2
Posted Nov 26, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 544-2 - USN-544-1 fixed two vulnerabilities in Samba. Fixes for CVE-2007-5398 are unchanged, but the upstream changes for CVE-2007-4572 introduced a regression in all releases which caused Linux smbfs mounts to fail. Additionally, Dapper and Edgy included an incomplete patch which caused configurations using NetBIOS to fail. A proper fix for these regressions does not exist at this time, and so the patch addressing CVE-2007-4572 has been removed. This vulnerability is believed to be an unexploitable denial of service, but a future update will address this issue. We apologize for the inconvenience.

tags | advisory, denial of service, vulnerability
systems | linux, ubuntu
advisories | CVE-2007-5398, CVE-2007-4572
MD5 | 72259e6752df012d7870529f5775034a
Ubuntu Security Notice 544-1
Posted Nov 16, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 544-1 - Samba developers discovered that nmbd could be made to overrun a buffer during the processing of GETDC logon server requests. When samba is configured as a Primary or Backup Domain Controller, a remote attacker could send malicious logon requests and possibly cause a denial of service. Alin Rad Pop of Secunia Research discovered that nmbd did not properly check the length of netbios packets. When samba is configured as a WINS server, a remote attacker could send multiple crafted requests resulting in the execution of arbitrary code with root privileges.

tags | advisory, remote, denial of service, overflow, arbitrary, root
systems | linux, ubuntu
advisories | CVE-2007-5398, CVE-2007-4572
MD5 | 16bd422ddf2c0a218797ed724276624b
samba-nmbdoverflow.txt
Posted Nov 15, 2007
Site samba.org

Samba versions 3.0.0 through 3.0.26a suffer from a vulnerability where the processing of specially crafted GETDC mailslot requests can result in a buffer overrun in nmbd.

tags | advisory, overflow
advisories | CVE-2007-4572
MD5 | 075f97f649c9adb362e7901b79904f00

© 2019 Packet Storm. All rights reserved.
