Samba vulnerable to integer overflow processing file security descriptors

Overview

Samba contains an integer overflow vulnerability in code that processes file security descriptors. This could allow an authenticated, remote attacker to execute arbitrary code or cause a denial of service on a vulnerable system.

Description

Samba is an open-source implementation of SMB/CIFS file and print services. It is frequently included in UNIX and Linux distributions and is typically used provide file and print services to Windows clients.

The Samba daemon, smbd, contains a vulnerability in code that processes file security descriptors. While allocating heap memory to store security descriptors, a 32-bit integer counter may overflow (wrap). This counter is truncated and used by smbd to allocate memory to store security descriptors. Without checking the size of this value, smbd may allocate insufficient memory, resulting in a buffer overflow. Heap memory control structures can be overwritten, corrupting heap memory, and possibly allowing the execution of arbitrary code. More information is available in iDEFENSE Security Advisory 12.16.04.

An authenticated, remote attacker could exploit this vulnerability using a specially crafted SMB packet. Note that an attacker may be authenticated to an anonymous share, in which case the attacker would not require valid credentials, just a TCP connection.

---

Impact

An authenticated, remote attacker could execute arbitrary code or cause a denial of service on a vulnerable system. The smbd daemon typically runs with root privileges.

---

Solution

Patch or upgrade
Apply a patch or upgrade as specified by your vendor. This vulnerability is addressed in Samba 3.0.10 and a patch (with signature) is available for Samba 3.0.9.

---

Restrict access

The Samba Server Security web page documents several ways to restrict access to Samba servers based on network interface, IP network, and TCP ports (139 and 445). Also, consider disabling or carefully restricting access to anonymous shares.

---

Vendor Information

226184

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

Samba __ Affected

Updated: December 17, 2004

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please see the Samba Security Announcement and the release announcement for Samba 3.0.10.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23226184 Feedback>).

Hitachi __ Not Affected

Notified: December 17, 2004 Updated: December 22, 2004

Status

Not Affected

Vendor Statement

Hitachi HI-UX/WE2 is NOT VULNERABLE to this issue.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23226184 Feedback>).

Microsoft Corporation __ Not Affected

Notified: December 17, 2004 Updated: December 23, 2004

Status

Not Affected

Vendor Statement

We have been unable to identify any issues with the Microsoft implementation of SMB in relation to the bug reported in Samba.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23226184 Feedback>).

Apple Computer Inc. __ Unknown

Notified: December 17, 2004 Updated: December 17, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23226184 Feedback>).

Conectiva __ Unknown

Notified: December 17, 2004 Updated: December 17, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23226184 Feedback>).

Cray Inc. __ Unknown

Notified: December 17, 2004 Updated: December 17, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23226184 Feedback>).

Debian __ Unknown

Notified: December 17, 2004 Updated: December 17, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23226184 Feedback>).

EMC Corporation __ Unknown

Notified: December 17, 2004 Updated: December 17, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23226184 Feedback>).

Engarde __ Unknown

Notified: December 17, 2004 Updated: December 17, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23226184 Feedback>).

F5 Networks __ Unknown

Notified: December 17, 2004 Updated: December 17, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23226184 Feedback>).

FreeBSD __ Unknown

Notified: December 17, 2004 Updated: December 17, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23226184 Feedback>).

Fujitsu __ Unknown

Notified: December 17, 2004 Updated: December 17, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23226184 Feedback>).

Hewlett-Packard Company __ Unknown

Notified: December 17, 2004 Updated: December 17, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23226184 Feedback>).

IBM __ Unknown

Updated: December 17, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23226184 Feedback>).

IBM eServer __ Unknown

Notified: December 17, 2004 Updated: December 17, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23226184 Feedback>).

IBM-zSeries __ Unknown

Notified: December 17, 2004 Updated: December 17, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23226184 Feedback>).

Immunix __ Unknown

Notified: December 17, 2004 Updated: December 17, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23226184 Feedback>).

Ingrian Networks __ Unknown

Notified: December 17, 2004 Updated: December 17, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23226184 Feedback>).

Juniper Networks __ Unknown

Notified: December 17, 2004 Updated: December 17, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23226184 Feedback>).

MandrakeSoft __ Unknown

Notified: December 17, 2004 Updated: December 17, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23226184 Feedback>).

MontaVista Software __ Unknown

Notified: December 17, 2004 Updated: December 17, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23226184 Feedback>).

NEC Corporation __ Unknown

Notified: December 17, 2004 Updated: December 17, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23226184 Feedback>).

NETBSD __ Unknown

Notified: December 17, 2004 Updated: December 17, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23226184 Feedback>).

Nokia __ Unknown

Notified: December 17, 2004 Updated: December 17, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23226184 Feedback>).

Novell __ Unknown

Notified: December 17, 2004 Updated: December 17, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23226184 Feedback>).

OpenBSD __ Unknown

Notified: December 17, 2004 Updated: December 17, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23226184 Feedback>).

Openwall GNU/*/Linux __ Unknown

Notified: December 17, 2004 Updated: December 17, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23226184 Feedback>).

Red Hat Inc. __ Unknown

Notified: December 17, 2004 Updated: December 17, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23226184 Feedback>).

SCO __ Unknown

Notified: December 17, 2004 Updated: December 17, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23226184 Feedback>).

SGI __ Unknown

Notified: December 17, 2004 Updated: December 17, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23226184 Feedback>).

Sequent __ Unknown

Notified: December 17, 2004 Updated: December 17, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23226184 Feedback>).

Sony Corporation __ Unknown

Notified: December 17, 2004 Updated: December 17, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23226184 Feedback>).

SuSE Inc. __ Unknown

Notified: December 17, 2004 Updated: December 20, 2004

Status

Unknown

Vendor Statement

Update packages for samba 3 and samba 2 will be repleased by SUSE LINUX within week 52. Our customers can download the fixed packages by using YOU or directly by using FTP. The links are available at:

<http://www.suse.com/en/private/download/updates/index.html&gt;

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23226184 Feedback>).

Sun Microsystems Inc. __ Unknown

Notified: December 17, 2004 Updated: December 17, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23226184 Feedback>).

TurboLinux __ Unknown

Notified: December 17, 2004 Updated: December 17, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23226184 Feedback>).

Unisys __ Unknown

Notified: December 17, 2004 Updated: December 17, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23226184 Feedback>).

Wind River Systems Inc. __ Unknown

Notified: December 17, 2004 Updated: December 17, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23226184 Feedback>).

View all 37 vendors __View less vendors __

CVSS Metrics

Group	Score	Vector
Base
Temporal
Environmental

References

• <http://www.idefense.com/application/poi/display?id=165&gt;
• <http://www.samba.org/samba/news/#3.0.10&gt;
• <http://www.samba.org/samba/security/CAN-2004-1154.html&gt;
• <http://www.samba.org/samba/ftp/patches/security/samba-3.0.9-CAN-2004-1154.patch.asc&gt;
• <http://www.samba.org/samba/ftp/patches/security/samba-3.0.9-CAN-2004-1154.patch&gt;
• <http://www.samba.org/samba/history/security.html&gt;
• <http://www.samba.org/samba/docs/server_security.html&gt;
• <http://secunia.com/advisories/13453/&gt;

Acknowledgements

This vulnerability was reported by iDEFENSE.

This document was written by Art Manion.

Other Information

CVE IDs:	CVE-2004-1154
Severity Metric:	14.40 Date Public: