Gentoo Linux Security Advisory 201206-22 - Multiple vulnerabilities have been found in Samba, the worst of which may allow execution of arbitrary code with root privileges. Versions less than 3.5.15 are affected.
3a8fd8a24a3985683e4babf848739763a038475b7f8effd578be0119268b2f7fHP Security Bulletin HPSBUX02657 SSRT100460 1 - Potential security vulnerabilities have been identified with HP-UX CIFS-Server (Samba). The vulnerabilities could be exploited remotely to execute arbitrary code or create a Denial of Service (DoS). Revision 1 of this advisory.
3ef8602f6dfa5b0b1dc32e28f78484581f6ab01005aa9deb6b822ca3df996745HP Security Bulletin HPSBUX02609 SSRT100147 - A potential security vulnerability has been identified with HP-UX CIFS-Server (Samba). The vulnerability could be exploited remotely to execute arbitrary code or create a Denial of Service (DoS). Revision 1 of this advisory.
2f3911909f01220b9ef5809092a969065918232999f56aa254b2fff5b204e769VMware Security Advisory - The service console package cpio is updated to version 2.5-6.RHEL3. The service console package tar is updated to version 1.13.25-16.RHEL3. The service console packages for samba are updated to version samba-3.0.9-1.3E.17vmw, samba-client-3.0.9-1.3E.17vmw and samba-common-3.0.9-1.3E.17vmw. The service console package krb5 is updated to version 1.2.7-72. The service console package perl is updated to version 5.8.0-101.EL3.
d9f282f0d9f5fec35a2bbedbc199700f42e61ad6e7d07ff47128d015784fd210This exploits a memory corruption vulnerability present in Samba versions prior to 3.3.13. When handling chained response packets, Samba fails to validate the offset value used when building the next part. By setting this value to a number larger than the destination buffer size, an attacker can corrupt memory. Additionally, setting this value to a value smaller than 'smb_wct' (0x24) will cause the header of the input buffer chunk to be corrupted. After close inspection, it appears that 3.0.x versions of Samba are not exploitable. Since they use an "InputBuffer" size of 0x20441, an attacker cannot cause memory to be corrupted in an exploitable way. It is possible to corrupt the heap header of the "InputBuffer", but it didn't seem possible to get the chunk to be processed again prior to process exit. In order to gain code execution, this exploit attempts to overwrite a "talloc chunk" destructor function pointer. This particular module is capable of exploiting the flaw on x86 Linux systems that do not have the nx memory protection. NOTE: It is possible to make exploitation attempts indefinitely since Samba forks for user sessions in the default configuration.
62e4dbdef10ca045ef1ec88681d7b84288ebd9bf3ef44718fc8ad5724142a978Mandriva Linux Security Advisory 2010-119 - Samba versions 3.0.x, 3.2.x and 3.3.x are affected by a memory corruption vulnerability. Code dealing with the chaining of SMB1 packets did not correctly validate an input field provided by the client, making it possible for a specially crafted packet to crash the server or potentially cause the server to execute arbitrary code. The updated packages have been patched to correct this issue.
35bc65dccb7f463465758b2a11096042af60b3b67233ab5e89d267a59fe5c0a7Debian Linux Security Advisory 2061-1 - Jun Mao discovered that Samba, an implementation of the SMB/CIFS protocol for Unix systems, is not properly handling certain offset values when processing chained SMB1 packets. This enables an unauthenticated attacker to write to an arbitrary memory location resulting in the possibility to execute arbitrary code with root privileges or to perform denial of service attacks by crashing the samba daemon.
5bbe52889b5ab6efa1f730a5287073d2e7fc6e1894b6ca2ae3107304d4641386iDefense Security Advisory 06.16.10 - Remote exploitation of a buffer overflow vulnerability within Samba Project's Samba could allow an attacker to execute arbitrary code with root privileges. This vulnerability exists in a certain function within Samba, where an attacker could trigger a memory corruption by sending specially crafted SMB requests resulting in heap memory overwritten with attacker supplied data, which can allow attackers to execute code remotely. iDefense has confirmed the existence of this vulnerability in Samba version 3.3.12. Previous versions are suspected to be affected.Samba 3.4.0 and newer versions rewrite the whole logic of the vulnerable function and thus are not affected by this vulnerability.
0f3906ee46ff98f1da265c6dd01ae1df772e0d26f20fe6ac2c61cfa40c024efdUbuntu Security Notice 951-1 - Jun Mao discovered that Samba did not correctly validate SMB1 packet contents. An unauthenticated remote attacker could send specially crafted network traffic that could execute arbitrary code as the root user.
9507d496c82c755a408def6dfe5c81f2e0e7ea5c2f1f441bf5399a32f62a4db8
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed