Samba dinged by ‘highly critical’ flaw

May 28th, 2008

Researchers at Secunia have flagged a “highly critical” vulnerability in Samba, the
widely deployed open-source software for networked file sharing and

According to an advisory from Secunia, the vulnerability affects Samba versions 3.0.28a and
3.0.29 and can be exploited by malicious people to compromise a
vulnerable system.

Technical details:

The vulnerability is caused due to a boundary error
within the “receive_smb_raw()” function in lib/util_sock.c when parsing
SMB packets. This can be exploited to cause a heap-based buffer
overflow via an overly large SMB packet received in a client context.

Successful exploitation allows execution of arbitrary code by
tricking a user into connecting to a malicious server (e.g. by clicking
an “smb://” link) or by sending specially crafted packets to an “nmbd”
server configured as a local or domain master browser.

Samba maintainers have issued a separate alert to warn that specially crafted SMB responses can result in a heap overflow in the Samba client code.

Because the server process, smbd, can itself act as a
client during operations such as printer notification and domain
authentication, this issue affects both Samba client and server

A high-priority patch is available from the security center.
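The class of boundary error described in the technical details above comes down to trusting the length a peer declares in a packet header. The following is an added example, not Samba's code and not part of the original article: a reader that bounds the declared length by the caller's actual buffer size. It assumes the 4-byte NetBIOS session header used for SMB over TCP (type, flags with a length-extension bit, 16-bit length); the function names are hypothetical and the sample frames are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HDR_LEN 4 /* session header: type, flags, 16-bit length */

/* Declared payload length: 16-bit field plus the extension bit in flags. */
static size_t declared_len(const uint8_t *hdr)
{
    return ((size_t)(hdr[1] & 0x01) << 16) | ((size_t)hdr[2] << 8) | hdr[3];
}

/* Copy one framed message into out. Returns bytes copied, or -1 if rejected.
 * The names here are hypothetical, not Samba's. */
long read_framed_packet(const uint8_t *wire, size_t wire_len,
                        uint8_t *out, size_t out_size)
{
    if (wire_len < HDR_LEN || out_size < HDR_LEN)
        return -1;
    size_t payload = declared_len(wire);
    /* Bound the peer's length by the caller's real buffer size. */
    if (payload > out_size - HDR_LEN)
        return -1;
    /* Reject frames that declare more than was actually received. */
    if (payload > wire_len - HDR_LEN)
        return -1;
    memcpy(out, wire, HDR_LEN + payload);
    return (long)(HDR_LEN + payload);
}

/* Constructed sample: header declares `len` payload bytes, `sent` are present. */
long try_frame(size_t len, size_t sent, size_t out_size)
{
    static uint8_t wire[HDR_LEN + 70000], out[70004];
    memset(wire, 0x41, sizeof wire);
    wire[0] = 0x00;
    wire[1] = (uint8_t)((len >> 16) & 0x01);
    wire[2] = (uint8_t)(len >> 8);
    wire[3] = (uint8_t)len;
    return read_framed_packet(wire, HDR_LEN + sent, out, out_size);
}

int main(void)
{
    printf("fits: %ld\n", try_frame(8, 8, 64));
    printf("oversized: %ld\n", try_frame(300, 300, 64));
    printf("17-bit length: %ld\n", try_frame(65536, 65536, 64));
    printf("truncated: %ld\n", try_frame(32, 8, 64));
    return 0;
}
```

The 17-bit case matters because a check that reads only the 16-bit field would see a declared length of zero for a frame that actually announces 65536 bytes.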

[Source: Zdnet]