[Pkg-samba-maint] Bug#451385: CVE-2007-5398 remote code execution via NetBIOS replies
Nico Golde
nion at debian.org
Thu Nov 15 15:48:41 UTC 2007
Package: samba
Version: 3.0.24-6etch4
Severity: grave
Tags: security patch
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for samba.
CVE-2007-5398:
| Secunia Research has discovered a vulnerability in Samba, which can be
| exploited by malicious people to compromise a vulnerable system.
|
| The vulnerability is caused due to a boundary error within the
| "reply_netbios_packet()" function in nmbd/nmbd_packets.c when sending
| NetBIOS replies. This can be exploited to cause a stack-based buffer
| overflow by sending multiple specially crafted WINS "Name Registration"
| requests followed by a WINS "Name Query" request.
|
| Successful exploitation allows execution of arbitrary code, but
| requires that Samba is configured to run as a WINS server (the "wins
| support" option is enabled).
This information is from:
http://secunia.com/secunia_research/2007-90/advisory/
Mitre did not yet published it but it will be available later on [0].
Please also see: http://us1.samba.org/samba/security/CVE-2007-4572.html
and http://us1.samba.org/samba/ftp/patches/security/samba-3.0.26a-CVE-2007-5398.patch
for the patch.
If you fix this vulnerability please also include the CVE id
in your changelog entry.
For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5398
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/pkg-samba-maint/attachments/20071115/bed10c88/attachment.pgp
More information about the Pkg-samba-maint
mailing list