what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 19 of 19 RSS Feed

CVE-2007-5398

Status Candidate

Overview

Stack-based buffer overflow in the reply_netbios_packet function in nmbd/nmbd_packets.c in nmbd in Samba 3.0.0 through 3.0.26a, when operating as a WINS server, allows remote attackers to execute arbitrary code via crafted WINS Name Registration requests followed by a WINS Name Query request.

Related Files

HP Security Bulletin 2008-00.75
Posted Jun 28, 2008
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - A potential security vulnerabilities has been identified with HP-UX running HP CIFS Server (Samba). The vulnerabilities could be exploited remotely to execute arbitrary code.

tags | advisory, arbitrary, vulnerability
systems | hpux
advisories | CVE-2007-4572, CVE-2007-5398, CVE-2007-6015, CVE-2008-1105
SHA-256 | b07a1969c9e19ab44a7eaed0477dc1a152f0151edef73b9f1b6a086e45449019
HP Security Bulletin 2007-14.95
Posted Mar 13, 2008
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running HP CIFS Server (Samba). The vulnerability could be exploited remotely to execute arbitrary code.

tags | advisory, arbitrary
systems | hpux
advisories | CVE-2007-4572, CVE-2007-5398, CVE-2007-6015
SHA-256 | 3bae5d2dd4db78af21f99c784c9b4a0885c6f68a20b226243b6e92f2fe7d6701
VMware Security Advisory 2008-0001.1
Posted Jan 24, 2008
Authored by VMware | Site vmware.com

VMware Security Advisory - There is an OpenPegasus PAM authentication buffer overflow and updated service console packages are available.

tags | advisory, overflow
advisories | CVE-2007-5360, CVE-2007-5398, CVE-2007-4572, CVE-2007-5191, CVE-2007-5116, CVE-2007-3108, CVE-2007-5135
SHA-256 | 483d9d8f7624eaf97e973bf1a873f074836e2faa50411880fd4a74ea047d49c1
VMware Security Advisory 2008-0001
Posted Jan 8, 2008
Authored by VMware | Site vmware.com

VMware Security Advisory - Alexander Sotirov from VMware Security Research discovered a buffer overflow vulnerability in the OpenPegasus Management server. Additionally, various service console packages have been updated.

tags | advisory, overflow
advisories | CVE-2007-5360, CVE-2007-5398, CVE-2007-4572, CVE-2007-5191, CVE-2007-5116, CVE-2007-3108, CVE-2007-5135
SHA-256 | be7e78ccb4f20704221fb7366e2271392d4aa26ec0d833801cc6ea984541e69f
samba_nmbddos.c
Posted Dec 18, 2007
Authored by Robert Molnar

Denial of service exploit for Samba versions below 3.0.27 that makes use of the NetBIOS replies stack-based buffer overflow vulnerability.

tags | exploit, denial of service, overflow
advisories | CVE-2007-5398
SHA-256 | 13b15c6ad78154402de08612787c7e30f7b1206cd98e40ebad4afcb0611dc21b
SUSE-SA-2007-065.txt
Posted Dec 7, 2007
Site suse.com

SUSE Security Announcement - Secunia Research has reported a bug in function reply_netbios_packet() that allowed remote attackers to execute arbitrary code by sending specially crafted WINS "Name Registration" requests followed by a WINS "Name Query" request packet. The exploitable code in samba can only be reached if the option "wins support" was enabled. Another bug reported by Secunia Research affected the processing of GETDC mailslot request in nmbd. This error can also be exploited remotely to execute arbitrary code, but only if samba was configured as Primary or Backup Domain Controller.

tags | advisory, remote, arbitrary
systems | linux, suse
advisories | CVE-2007-4572, CVE-2007-5398
SHA-256 | ad906016b500d1e5bc098bc8ed4d3e432bd693ee9ad7dbe618e3d53a2f4b70e2
Mandriva Linux Security Advisory 2007.224
Posted Nov 30, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - The samba developers discovered that nmbd could be made to overrun a buffer during the processing of GETDC logon server requests. If samba is configured as a Primary or Backup Domain Controller, this could be used by a remote attacker to send malicious logon requests and possibly cause a denial of service. As well, Alin Rad Pop of Secunia Research found that nmbd did not properly check the length of netbios packets. If samba is configured as a WINS server, this could be used by a remote attacker able to send multiple crafted requests to nmbd, resulting in the execution of arbitrary code with root privileges. This update corrects all known regressions with previous Samba updates due to the security fixes to correct CVE-2007-4572.

tags | advisory, remote, denial of service, overflow, arbitrary, root
systems | linux, mandriva
advisories | CVE-2007-5398, CVE-2007-4572
SHA-256 | 48766d685990315070f438d337357a3ed5e8bf3ab023ea7a9133edf9cbbf5de3
Debian Linux Security Advisory 1409-3
Posted Nov 30, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1409-3 - This update fixes all currently known regressions introduced with the previous two revisions of DSA-1409. Several local/remote vulnerabilities have been discovered in samba, a LanManager-like file and printer server for Unix. Alin Rad Pop of Secunia Research discovered that nmbd did not properly check the length of netbios packets. When samba is configured as a WINS server, a remote attacker could send multiple crafted requests resulting in the execution of arbitrary code with root privileges. Samba developers discovered that nmbd could be made to overrun a buffer during the processing of GETDC logon server requests. When samba is configured as a Primary or Backup Domain Controller, a remote attacker could send malicious logon requests and possibly cause a denial of service.

tags | advisory, remote, denial of service, overflow, arbitrary, local, root, vulnerability
systems | linux, unix, debian
advisories | CVE-2007-5398, CVE-2007-4572
SHA-256 | 5cf11e10c5649423ca621dbf1d4a4566f81cccf2418df1769e870c3d08f35635
Debian Linux Security Advisory 1409-2
Posted Nov 27, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1409-2 - The previous security update for samba introduced regressions in the handling of the depreciated filesystem smbfs. This update fixes the regression(s) whilst still fixing the security problems. Several local/remote vulnerabilities have been discovered in samba, a LanManager-like file and printer server for Unix. Alin Rad Pop of Secunia Research discovered that nmbd did not properly check the length of netbios packets. When samba is configured as a WINS server, a remote attacker could send multiple crafted requests resulting in the execution of arbitrary code with root privileges. Samba developers discovered that nmbd could be made to overrun a buffer during the processing of GETDC logon server requests. When samba is configured as a Primary or Backup Domain Controller, a remote attacker could send malicious logon requests and possibly cause a denial of service.

tags | advisory, remote, denial of service, overflow, arbitrary, local, root, vulnerability
systems | linux, unix, debian
advisories | CVE-2007-5398, CVE-2007-4572
SHA-256 | d70a3a64fa245941097ed490e8c67aafe93f38b1d67eee03a77465a45d074491
Mandriva Linux Security Advisory 2007.224
Posted Nov 27, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - The samba developers discovered that nmbd could be made to overrun a buffer during the processing of GETDC logon server requests. If samba is configured as a Primary or Backup Domain Controller, this could be used by a remote attacker to send malicious logon requests and possibly cause a denial of service. As well, Alin Rad Pop of Secunia Research found that nmbd did not properly check the length of netbios packets. If samba is configured as a WINS server, this could be used by a remote attacker able to send multiple crafted requests to nmbd, resulting in the execution of arbitrary code with root privileges. The update packages on Corporate Server 4.0 resulted in the nmbd daemon crashing at startup. This update provides a newer version of samba (3.0.23d) that does not exhibit this behaviour.

tags | advisory, remote, denial of service, overflow, arbitrary, root
systems | linux, mandriva
advisories | CVE-2007-5398, CVE-2007-4572
SHA-256 | de07a6fe0e701ed7b01f3f5eefbb5bb47c729a17d5667f73d90e8d5560bcb97f
Debian Linux Security Advisory 1409-1
Posted Nov 27, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1409-1 - Several local/remote vulnerabilities have been discovered in samba, a LanManager-like file and printer server for Unix. Alin Rad Pop of Secunia Research discovered that nmbd did not properly check the length of netbios packets. When samba is configured as a WINS server, a remote attacker could send multiple crafted requests resulting in the execution of arbitrary code with root privileges. Samba developers discovered that nmbd could be made to overrun a buffer during the processing of GETDC logon server requests. When samba is configured as a Primary or Backup Domain Controller, a remote attacker could send malicious logon requests and possibly cause a denial of service.

tags | advisory, remote, denial of service, overflow, arbitrary, local, root, vulnerability
systems | linux, unix, debian
advisories | CVE-2007-5398, CVE-2007-4572
SHA-256 | 90ef17da4ecc0bbb818047ae191a554b66bbb5b7e4c207a851753ccdd7aff3ff
Mandriva Linux Security Advisory 2007.224
Posted Nov 26, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - The samba developers discovered that nmbd could be made to overrun a buffer during the processing of GETDC logon server requests. If samba is configured as a Primary or Backup Domain Controller, this could be used by a remote attacker to send malicious logon requests and possibly cause a denial of service. As well, Alin Rad Pop of Secunia Research found that nmbd did not properly check the length of netbios packets. If samba is configured as a WINS server, this could be used by a remote attacker able to send multiple crafted requests to nmbd, resulting in the execution of arbitrary code with root privileges. The patch that fixed CVE-2007-4572 introduced a regression that would prevent shares from being mounted properly and would cause the remote (patched) smbd to crash. This update contains another fix from upstream to correct the problem.

tags | advisory, remote, denial of service, overflow, arbitrary, root
systems | linux, mandriva
advisories | CVE-2007-5398, CVE-2007-4572
SHA-256 | 1b3f94b8569cfc063704531efc34b38497061332bf568a6d155f7bfe07342004
Gentoo Linux Security Advisory 200711-29
Posted Nov 26, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200711-29 - Two vulnerabilities have been reported in nmbd. Alin Rad Pop (Secunia Research) discovered a boundary checking error in the reply_netbios_packet() function which could lead to a stack-based buffer overflow. The Samba developers discovered a boundary error when processing GETDC logon requests also leading to a buffer overflow. Versions less than 3.0.26a-r2 are affected.

tags | advisory, overflow, vulnerability
systems | linux, gentoo
advisories | CVE-2007-4572, CVE-2007-5398
SHA-256 | f46e72487552f1168508968dbcdd379e12d68c8d63c41e0bb358bfad44f2d20b
Mandriva Linux Security Advisory 2007.224
Posted Nov 26, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - The samba developers discovered that nmbd could be made to overrun a buffer during the processing of GETDC logon server requests. If samba is configured as a Primary or Backup Domain Controller, this could be used by a remote attacker to send malicious logon requests and possibly cause a denial of service. As well, Alin Rad Pop of Secunia Research found that nmbd did not properly check the length of netbios packets. If samba is configured as a WINS server, this could be used by a remote attacker able to send multiple crafted requests to nmbd, resulting in the execution of arbitrary code with root privileges.

tags | advisory, remote, denial of service, overflow, arbitrary, root
systems | linux, mandriva
advisories | CVE-2007-5398, CVE-2007-4572
SHA-256 | 83d5b0dd849e4e35c44a64b9afa630d6a714b53342787478993a57b5acf5efcc
Ubuntu Security Notice 544-2
Posted Nov 26, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 544-2 - USN-544-1 fixed two vulnerabilities in Samba. Fixes for CVE-2007-5398 are unchanged, but the upstream changes for CVE-2007-4572 introduced a regression in all releases which caused Linux smbfs mounts to fail. Additionally, Dapper and Edgy included an incomplete patch which caused configurations using NetBIOS to fail. A proper fix for these regressions does not exist at this time, and so the patch addressing CVE-2007-4572 has been removed. This vulnerability is believed to be an unexploitable denial of service, but a future update will address this issue. We apologize for the inconvenience.

tags | advisory, denial of service, vulnerability
systems | linux, ubuntu
advisories | CVE-2007-5398, CVE-2007-4572
SHA-256 | 7152013b46f108aed4a465d8f1aab00f582a6a4ba4d2f046e5d6df11f307612b
Ubuntu Security Notice 544-1
Posted Nov 16, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 544-1 - Samba developers discovered that nmbd could be made to overrun a buffer during the processing of GETDC logon server requests. When samba is configured as a Primary or Backup Domain Controller, a remote attacker could send malicious logon requests and possibly cause a denial of service. Alin Rad Pop of Secunia Research discovered that nmbd did not properly check the length of netbios packets. When samba is configured as a WINS server, a remote attacker could send multiple crafted requests resulting in the execution of arbitrary code with root privileges.

tags | advisory, remote, denial of service, overflow, arbitrary, root
systems | linux, ubuntu
advisories | CVE-2007-5398, CVE-2007-4572
SHA-256 | 8794e30d017c457d435c1cd66eb1dc2b13305d4ad05862bf79e3c41da34f5325
secunia-netbios.txt
Posted Nov 16, 2007
Site secunia.com

Secunia Research has discovered a vulnerability in Samba, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error within the "reply_netbios_packet()" function in nmbd/nmbd_packets.c when sending NetBIOS replies. This can be exploited to cause a stack-based buffer overflow by sending multiple specially crafted WINS "Name Registration" requests followed by a WINS "Name Query" request. Samba version 3.0.26a is affected.

tags | advisory, overflow
advisories | CVE-2007-5398
SHA-256 | 0d8f18d022ed10d9b2f2f18b1e118ebbf1137681dd01fadae9f56046a140eb21
samba-nmbdexec.txt
Posted Nov 16, 2007
Site samba.org

Secunia Research reported a vulnerability that allows for the execution of arbitrary code in nmbd. This defect may only be exploited when the "wins support" parameter has been enabled in smb.conf. Samba versions 3.0.0 through 3.0.26a are affected.

tags | advisory, arbitrary
advisories | CVE-2007-5398
SHA-256 | 7a6aaa8cc3ce4cf137b54f1d068c43453788e1a7634e15e4e06912ccca08983b
secunia-samba.txt
Posted Nov 15, 2007
Authored by Alin Rad Pop | Site secunia.com

Secunia Research has discovered a vulnerability in Samba, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error within the "reply_netbios_packet()" function in nmbd/nmbd_packets.c when sending NetBIOS replies. This can be exploited to cause a stack-based buffer overflow by sending multiple specially crafted WINS "Name Registration" requests followed by a WINS "Name Query" request. Successful exploitation allows execution of arbitrary code, but requires that Samba is configured to run as a WINS server (the "wins support" option is enabled). Samba version 3.0.26a is affected.

tags | advisory, overflow, arbitrary
advisories | CVE-2007-5398
SHA-256 | 82afed15d3f975d552bba9eead56ad36e744e8f82013c3f2af53a1c26f333832
Page 1 of 1
Back1Next

File Archive:

August 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    20 Files
  • 2
    Aug 2nd
    4 Files
  • 3
    Aug 3rd
    6 Files
  • 4
    Aug 4th
    55 Files
  • 5
    Aug 5th
    16 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    13 Files
  • 9
    Aug 9th
    13 Files
  • 10
    Aug 10th
    34 Files
  • 11
    Aug 11th
    16 Files
  • 12
    Aug 12th
    5 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    25 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close