HP Security Bulletin - A potential security vulnerabilities has been identified with HP-UX running HP CIFS Server (Samba). The vulnerabilities could be exploited remotely to execute arbitrary code.
b07a1969c9e19ab44a7eaed0477dc1a152f0151edef73b9f1b6a086e45449019HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running HP CIFS Server (Samba). The vulnerability could be exploited remotely to execute arbitrary code.
3bae5d2dd4db78af21f99c784c9b4a0885c6f68a20b226243b6e92f2fe7d6701VMware Security Advisory - There is an OpenPegasus PAM authentication buffer overflow and updated service console packages are available.
483d9d8f7624eaf97e973bf1a873f074836e2faa50411880fd4a74ea047d49c1VMware Security Advisory - Alexander Sotirov from VMware Security Research discovered a buffer overflow vulnerability in the OpenPegasus Management server. Additionally, various service console packages have been updated.
be7e78ccb4f20704221fb7366e2271392d4aa26ec0d833801cc6ea984541e69fDenial of service exploit for Samba versions below 3.0.27 that makes use of the NetBIOS replies stack-based buffer overflow vulnerability.
13b15c6ad78154402de08612787c7e30f7b1206cd98e40ebad4afcb0611dc21bSUSE Security Announcement - Secunia Research has reported a bug in function reply_netbios_packet() that allowed remote attackers to execute arbitrary code by sending specially crafted WINS "Name Registration" requests followed by a WINS "Name Query" request packet. The exploitable code in samba can only be reached if the option "wins support" was enabled. Another bug reported by Secunia Research affected the processing of GETDC mailslot request in nmbd. This error can also be exploited remotely to execute arbitrary code, but only if samba was configured as Primary or Backup Domain Controller.
ad906016b500d1e5bc098bc8ed4d3e432bd693ee9ad7dbe618e3d53a2f4b70e2Mandriva Linux Security Advisory - The samba developers discovered that nmbd could be made to overrun a buffer during the processing of GETDC logon server requests. If samba is configured as a Primary or Backup Domain Controller, this could be used by a remote attacker to send malicious logon requests and possibly cause a denial of service. As well, Alin Rad Pop of Secunia Research found that nmbd did not properly check the length of netbios packets. If samba is configured as a WINS server, this could be used by a remote attacker able to send multiple crafted requests to nmbd, resulting in the execution of arbitrary code with root privileges. This update corrects all known regressions with previous Samba updates due to the security fixes to correct CVE-2007-4572.
48766d685990315070f438d337357a3ed5e8bf3ab023ea7a9133edf9cbbf5de3Debian Security Advisory 1409-3 - This update fixes all currently known regressions introduced with the previous two revisions of DSA-1409. Several local/remote vulnerabilities have been discovered in samba, a LanManager-like file and printer server for Unix. Alin Rad Pop of Secunia Research discovered that nmbd did not properly check the length of netbios packets. When samba is configured as a WINS server, a remote attacker could send multiple crafted requests resulting in the execution of arbitrary code with root privileges. Samba developers discovered that nmbd could be made to overrun a buffer during the processing of GETDC logon server requests. When samba is configured as a Primary or Backup Domain Controller, a remote attacker could send malicious logon requests and possibly cause a denial of service.
5cf11e10c5649423ca621dbf1d4a4566f81cccf2418df1769e870c3d08f35635Debian Security Advisory 1409-2 - The previous security update for samba introduced regressions in the handling of the depreciated filesystem smbfs. This update fixes the regression(s) whilst still fixing the security problems. Several local/remote vulnerabilities have been discovered in samba, a LanManager-like file and printer server for Unix. Alin Rad Pop of Secunia Research discovered that nmbd did not properly check the length of netbios packets. When samba is configured as a WINS server, a remote attacker could send multiple crafted requests resulting in the execution of arbitrary code with root privileges. Samba developers discovered that nmbd could be made to overrun a buffer during the processing of GETDC logon server requests. When samba is configured as a Primary or Backup Domain Controller, a remote attacker could send malicious logon requests and possibly cause a denial of service.
d70a3a64fa245941097ed490e8c67aafe93f38b1d67eee03a77465a45d074491Mandriva Linux Security Advisory - The samba developers discovered that nmbd could be made to overrun a buffer during the processing of GETDC logon server requests. If samba is configured as a Primary or Backup Domain Controller, this could be used by a remote attacker to send malicious logon requests and possibly cause a denial of service. As well, Alin Rad Pop of Secunia Research found that nmbd did not properly check the length of netbios packets. If samba is configured as a WINS server, this could be used by a remote attacker able to send multiple crafted requests to nmbd, resulting in the execution of arbitrary code with root privileges. The update packages on Corporate Server 4.0 resulted in the nmbd daemon crashing at startup. This update provides a newer version of samba (3.0.23d) that does not exhibit this behaviour.
de07a6fe0e701ed7b01f3f5eefbb5bb47c729a17d5667f73d90e8d5560bcb97fDebian Security Advisory 1409-1 - Several local/remote vulnerabilities have been discovered in samba, a LanManager-like file and printer server for Unix. Alin Rad Pop of Secunia Research discovered that nmbd did not properly check the length of netbios packets. When samba is configured as a WINS server, a remote attacker could send multiple crafted requests resulting in the execution of arbitrary code with root privileges. Samba developers discovered that nmbd could be made to overrun a buffer during the processing of GETDC logon server requests. When samba is configured as a Primary or Backup Domain Controller, a remote attacker could send malicious logon requests and possibly cause a denial of service.
90ef17da4ecc0bbb818047ae191a554b66bbb5b7e4c207a851753ccdd7aff3ffMandriva Linux Security Advisory - The samba developers discovered that nmbd could be made to overrun a buffer during the processing of GETDC logon server requests. If samba is configured as a Primary or Backup Domain Controller, this could be used by a remote attacker to send malicious logon requests and possibly cause a denial of service. As well, Alin Rad Pop of Secunia Research found that nmbd did not properly check the length of netbios packets. If samba is configured as a WINS server, this could be used by a remote attacker able to send multiple crafted requests to nmbd, resulting in the execution of arbitrary code with root privileges. The patch that fixed CVE-2007-4572 introduced a regression that would prevent shares from being mounted properly and would cause the remote (patched) smbd to crash. This update contains another fix from upstream to correct the problem.
1b3f94b8569cfc063704531efc34b38497061332bf568a6d155f7bfe07342004Gentoo Linux Security Advisory GLSA 200711-29 - Two vulnerabilities have been reported in nmbd. Alin Rad Pop (Secunia Research) discovered a boundary checking error in the reply_netbios_packet() function which could lead to a stack-based buffer overflow. The Samba developers discovered a boundary error when processing GETDC logon requests also leading to a buffer overflow. Versions less than 3.0.26a-r2 are affected.
f46e72487552f1168508968dbcdd379e12d68c8d63c41e0bb358bfad44f2d20bMandriva Linux Security Advisory - The samba developers discovered that nmbd could be made to overrun a buffer during the processing of GETDC logon server requests. If samba is configured as a Primary or Backup Domain Controller, this could be used by a remote attacker to send malicious logon requests and possibly cause a denial of service. As well, Alin Rad Pop of Secunia Research found that nmbd did not properly check the length of netbios packets. If samba is configured as a WINS server, this could be used by a remote attacker able to send multiple crafted requests to nmbd, resulting in the execution of arbitrary code with root privileges.
83d5b0dd849e4e35c44a64b9afa630d6a714b53342787478993a57b5acf5efccUbuntu Security Notice 544-2 - USN-544-1 fixed two vulnerabilities in Samba. Fixes for CVE-2007-5398 are unchanged, but the upstream changes for CVE-2007-4572 introduced a regression in all releases which caused Linux smbfs mounts to fail. Additionally, Dapper and Edgy included an incomplete patch which caused configurations using NetBIOS to fail. A proper fix for these regressions does not exist at this time, and so the patch addressing CVE-2007-4572 has been removed. This vulnerability is believed to be an unexploitable denial of service, but a future update will address this issue. We apologize for the inconvenience.
7152013b46f108aed4a465d8f1aab00f582a6a4ba4d2f046e5d6df11f307612bUbuntu Security Notice 544-1 - Samba developers discovered that nmbd could be made to overrun a buffer during the processing of GETDC logon server requests. When samba is configured as a Primary or Backup Domain Controller, a remote attacker could send malicious logon requests and possibly cause a denial of service. Alin Rad Pop of Secunia Research discovered that nmbd did not properly check the length of netbios packets. When samba is configured as a WINS server, a remote attacker could send multiple crafted requests resulting in the execution of arbitrary code with root privileges.
8794e30d017c457d435c1cd66eb1dc2b13305d4ad05862bf79e3c41da34f5325Secunia Research has discovered a vulnerability in Samba, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error within the "reply_netbios_packet()" function in nmbd/nmbd_packets.c when sending NetBIOS replies. This can be exploited to cause a stack-based buffer overflow by sending multiple specially crafted WINS "Name Registration" requests followed by a WINS "Name Query" request. Samba version 3.0.26a is affected.
0d8f18d022ed10d9b2f2f18b1e118ebbf1137681dd01fadae9f56046a140eb21Secunia Research reported a vulnerability that allows for the execution of arbitrary code in nmbd. This defect may only be exploited when the "wins support" parameter has been enabled in smb.conf. Samba versions 3.0.0 through 3.0.26a are affected.
7a6aaa8cc3ce4cf137b54f1d068c43453788e1a7634e15e4e06912ccca08983bSecunia Research has discovered a vulnerability in Samba, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error within the "reply_netbios_packet()" function in nmbd/nmbd_packets.c when sending NetBIOS replies. This can be exploited to cause a stack-based buffer overflow by sending multiple specially crafted WINS "Name Registration" requests followed by a WINS "Name Query" request. Successful exploitation allows execution of arbitrary code, but requires that Samba is configured to run as a WINS server (the "wins support" option is enabled). Samba version 3.0.26a is affected.
82afed15d3f975d552bba9eead56ad36e744e8f82013c3f2af53a1c26f333832
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed