You are here

U-110: Samba Bug Lets Remote Users Execute Arbitrary Code

February 24, 2012 - 7:30am

Addthis

PROBLEM:

A vulnerability was reported in Samba.

PLATFORM:

Version(s): prior to 3.4.0

ABSTRACT:

A remote user can send specially crafted data to the smbd service to trigger a flaw in chain_reply() and construct_reply() and execute arbitrary code on the target system.

reference LINKS:

Vendor Advisory
Security Tracker ID 1026739
CVE-2012-0870

IMPACT ASSESSMENT:

Medium

Discussion:

A vulnerability was reported in Samba. A remote user can execute arbitrary code on the target system. A remote user can send specially crafted data to the smbd service to trigger a flaw in chain_reply() and construct_reply() and execute arbitrary code on the target system. The code will run with the privileges of the target service.

Samba versions up to 3.4.0 do not ensure that AndX offsets of the smb daemon (smbd) are increasing strictly monotonically. Therefore a remote code execution vulnerability exists in the smbd service. A remote attacker could use the vulnerability to launch an exploit over a network connection.

Impact:

Execution of arbitrary code via network, User access via network

Solution:

A patch addressing this defect has been posted to Samba Security

Addthis