CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:A/AC:L/Au:S/C:N/I:N/A:P
EPSS
Percentile
90.8%
All current released versions of Samba are vulnerable to a denial of
service on the smbd file server daemon.
Valid unicode path names stored on disk can cause smbd to
crash if an authenticated client attempts to read them
using a non-unicode request.
The crash is caused by memory being overwritten by
zeros at a 4GB offset from the expected return buffer
area, due to an invalid return code from a bad unicode
to Windows character set conversion.
Currently it is not believed to be exploitable by
an attacker, as there is no way to control the
exact area of memory being overwritten. However,
in the interests of safety this is being treated
as a security issue.
A patch addressing this defect has been posted to
http://www.samba.org/samba/security/
Additionally, Samba 4.1.9, 4.0.19 and 3.6.24 have been issued as
security releases to correct the defect. Patches against older Samba
versions are available at http://samba.org/samba/patches/. Samba
vendors and administrators running affected versions are advised to
upgrade or apply the patch as soon as possible.
None.
This problem was found and reported by Simon Arlott. The analysis
and fix were provided by Jeremy Allison of Google.