OSVDB ID: 34732

Title: Samba SPOOLSS RPC Interface RFNPCNEX Request Remote Overflow

Info

Dates

Disclosure: May 14, 2007
Discovery: Unknown
Exploit: Unknown
Solution: Jul 11, 2007

Description

A remote overflow exists in Samba. The application fails to properly verify user-supplied input when parsing RPC requests to the SPOOLSS RPC interface, resulting in a heap-based overflow. With a specially crafted request to RFNPCNEX, an attacker can cause heap space to be overwritten and possibly trigger the execution of arbitrary code, resulting in a loss of integrity or availability.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Private, Exploit Unknown
Disclosure: OSVDB Verified, Vendor Verified

Solution

Upgrade to version 3.0.25 or higher, as it has been reported to fix this vulnerability. In addition, Samba has released a patch for some older versions.

Products

Samba Project

Samba

3.0.1
3.0.2
3.0.3
3.0.4
3.0.5
3.0.0
3.0.6
3.0.2a
3.0.8
3.0.21
3.0.21a
3.0.21b
3.0.21c
3.0.7
3.0.9
3.0.10
3.0.11
3.0.12
3.0.13
3.0.14
3.0.14a
3.0.20
3.0.20a
3.0.20b
3.0.22
3.0.23
3.0.23a
3.0.23b
3.0.23c
3.0.23d
3.0.24
3.0.25rc3

References

Credit

Unknown or Incomplete



Direct URL: http://osvdb.org/34732