Samba smbd Security Descriptor Parsing Remote Overflow

critical Nessus Plugin ID 15985

Synopsis

Arbitrary code may be executed on the remote server.

Description

The remote Samba server, according to its version number, is vulnerable to a remote buffer overrun resulting from an integer overflow vulnerability.

To exploit this flaw, an attacker would need to send the remote host a malformed packet containing hundreds of thousands of ACLs. This would cause an integer overflow, which in turn results in an undersized buffer being allocated.

An attacker needs a valid account or enough credentials to exploit this flaw.
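The arithmetic behind this class of flaw, and the check that prevents it, shown as an added example that is not Samba's code or part of the plugin. The element size, entry count and function names are constructed for illustration and do not reflect Samba's real structures.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed element size for illustration; NOT Samba's real structure size. */
#define ENTRY_SIZE 16384u

/* Flawed pattern: byte count computed in 32-bit arithmetic, so the
 * product silently wraps modulo 2^32 when count is large enough. */
uint32_t unchecked_bytes(uint32_t count)
{
    return count * ENTRY_SIZE;
}

/* Hardened pattern: reject any count whose byte size cannot be represented.
 * Returns 0 and stores the size on success, -1 on overflow. */
int checked_bytes(uint32_t count, uint32_t *bytes)
{
    if (count > UINT32_MAX / ENTRY_SIZE)
        return -1;
    *bytes = count * ENTRY_SIZE;
    return 0;
}

/* Allocate storage for a peer-supplied entry count, or NULL if the count
 * is zero, over the caller's cap, or would overflow the size computation. */
void *alloc_entries(uint32_t count, uint32_t max_entries)
{
    uint32_t bytes;

    if (count == 0 || count > max_entries)
        return NULL;
    if (checked_bytes(count, &bytes) != 0)
        return NULL;
    return malloc(bytes);
}

int main(void)
{
    uint32_t count = 262145u; /* constructed: 2^18 + 1 entries */
    uint32_t bytes = 0;

    printf("unchecked: %u entries -> %u bytes\n", count, unchecked_bytes(count));
    printf("checked:   %s\n", checked_bytes(count, &bytes) ? "rejected" : "accepted");
    return 0;
}
```

With the unchecked computation, the buffer holds a single entry while later code believes it holds 262145; the checked version refuses the request before any allocation happens.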

Solution

Upgrade to Samba 3.0.10 or later.

Plugin Details

Severity: Critical

ID: 15985

File Name: samba_dacl_overflow.nasl

Version: 1.13

Type: remote

Published: 12/16/2004

Updated: 7/27/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:samba:samba

Required KB Items: SMB/NativeLanManager

Exploit Ease: No known exploits are available

Patch Publication Date: 2/11/2005

Vulnerability Publication Date: 12/16/2004

Reference Information

CVE: CVE-2004-1154

BID: 11973