Detections
Analytics

FreeBSD : samba -- potential leakage of arbitrary memory contents (1583640d-be20-11dd-a578-0030843d3802)

high Nessus Plugin ID 34976

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

Samba Team reports :

Samba 3.0.29 and beyond contain a change to deal with gcc 4 optimizations. Part of the change modified range checking for client-generated offsets of secondary trans, trans2 and nttrans requests. These requests are used to transfer arbitrary amounts of memory from clients to servers and back using small SMB requests and contain two offsets: One offset (A) pointing into the PDU sent by the client and one (B) to direct the transferred contents into the buffer built on the server side. While the range checking for offset (B) is correct, a cut and paste error lets offset (A) pass completely unchecked against overflow.

The buffers passed into trans, trans2 and nttrans undergo higher-level processing like DCE/RPC requests or listing directories. The missing bounds check means that a malicious client can make the server do this higher-level processing on arbitrary memory contents of the smbd process handling the request. It is unknown if that can be abused to pass arbitrary memory contents back to the client, but an important barrier is missing from the affected Samba versions.

Solution

Update the affected packages.

See Also

https://www.samba.org/samba/security/CVE-2008-4314.html

http://www.nessus.org/u?e187380b

Plugin Details

Severity: High

ID: 34976

File Name: freebsd_pkg_1583640dbe2011dda5780030843d3802.nasl

Version: 1.15

Type: local

Published: 12/1/2008

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.2

CVSS v2

Risk Factor: High

Base Score: 8.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:ja-samba, p-cpe:/a:freebsd:freebsd:samba, p-cpe:/a:freebsd:freebsd:samba3, p-cpe:/a:freebsd:freebsd:samba32-devel, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 11/29/2008

Vulnerability Publication Date: 11/27/2008

Reference Information

CVE: CVE-2008-4314

CWE: 200

Secunia: 32813