Date: Thu, 15 Nov 2007 07:20:13 -0600
From: "Gerald (Jerry) Carter" <jerry@...ba.org>
To: bugtraq@...urityfocus.com
Cc: security@...ba.org
Subject: [SAMBA] CVE-2007-4572 - GETDC mailslot processing buffer overrun
 in nmbd

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

==========================================================
==
== Subject:     Stack buffer overflow in nmbd's logon
==              request processing.
==
== CVE ID#:     CVE-2007-4572
==
== Versions:    Samba 3.0.0 - 3.0.26a (inclusive)
==
== Summary:     Processing of specially crafted GETDC
==              mailslot requests can result in a buffer
==              overrun in nmbd.  It is not believed that
==              this issue can be exploited to
==              result in remote code execution.
==
==========================================================

===========
Description
===========

Samba developers have discovered what is believed to be
a non-exploitable buffer overrun in nmbd during the processing
of GETDC logon server requests.  This code is only used
when the Samba server is configured as a Primary or Backup
Domain Controller.


==================
Patch Availability
==================

A patch addressing this defect has been posted to

  http://www.samba.org/samba/security/

Additionally, Samba 3.0.27 has been issued as a security
release to correct the defect.


==========
Workaround
==========

Samba administrators may avoid this security issue by disabling
both the "domain logons" and the "domain master" options in
the server's smb.conf file.  Note that this will disable all
domain controller features as well.


=======
Credits
=======

This vulnerability was discovered by Samba developers during
an internal code audit.

The time line is as follows:

* Sep 13, 2007: Initial report to security@...ba.org including
  proposed patch.
* Sep 14, 2007: Patch review by Josh Bressers (RedHat Security
  Team) and Simo Sorce (Samba/RedHat developer).
* Nov 15, 2007: Public security advisory made available.



==========================================================
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
==========================================================

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHPEeNIR7qMdg1EfYRAmKMAKCDcXmqRSNbCHZFS4GzGo7oVUl08gCfS/sY
d6F8+jrnT59SZgCXfftImEA=
=oC2/
-----END PGP SIGNATURE-----
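
Added example, not part of the Samba advisory and not Samba's own code: a Python check that reports whether a host is in the affected version range (3.0.0 - 3.0.26a) and still has the domain controller options named in the Workaround section enabled in [global]. The sample smb.conf texts are constructed, and treating "domain master = auto" as following "domain logons" is an assumption about Samba's default.

```python
import re

# Affected range from the advisory: Samba 3.0.0 - 3.0.26a (inclusive).
AFFECTED_LOW, AFFECTED_HIGH = (3, 0, 0, ""), (3, 0, 26, "a")
TRUE_VALUES = {"yes", "true", "on", "1"}

def parse_version(text):
    """Turn '3.0.26a' into a comparable tuple (3, 0, 26, 'a')."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)([a-z]?)", text.strip())
    if not m:
        raise ValueError(f"unrecognised Samba version: {text!r}")
    return int(m[1]), int(m[2]), int(m[3]), m[4]

def version_affected(text):
    return AFFECTED_LOW <= parse_version(text) <= AFFECTED_HIGH

def global_params(conf_text):
    """Collect [global] parameters; names compare case- and space-insensitively."""
    # Assumption: parameters before the first section header count as global.
    params, section = {}, "global"
    for raw in conf_text.replace("\\\n", "").splitlines():  # join continuations
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif "=" in line and section == "global":
            name, value = line.split("=", 1)
            params[re.sub(r"\s+", "", name).lower()] = value.strip().lower()
    return params

def dc_code_path_enabled(conf_text):
    """True unless both options named in the workaround are effectively off."""
    p = global_params(conf_text)
    logons = p.get("domainlogons", "no") in TRUE_VALUES
    # Assumption: "domain master" defaults to "auto", which follows "domain logons".
    master_raw = p.get("domainmaster", "auto")
    master = logons if master_raw == "auto" else master_raw in TRUE_VALUES
    return logons or master

def exposed(version, conf_text):
    return version_affected(version) and dc_code_path_enabled(conf_text)

# Constructed sample configurations, not taken from the advisory.
PDC_CONF = "[global]\n  workgroup = EXAMPLE\n  Domain Logons = Yes\n"
WORKAROUND_CONF = ("[global]\n  domain logons = no\n  domain master = no\n"
                   "[homes]\n  browseable = no\n")
```

A version string with a suffix other than a single trailing letter raises ValueError, so such hosts get looked at by hand.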
