Gentoo: 200303-11 Critical: Samba Buffer Overflow Remote Exploit
gentoo
March 17, 2003
A buffer overflow and race condition vulnerabilities have been fixed
Summary
- - --------------------------------------------------------------------- GENTOO LINUX SECURITY ANNOUNCEMENT 200303-11 - - ---------------------------------------------------------------------
- - ---------------------------------------------------------------------
- From advisory:
"The SuSE security audit team, in particular Sebastian Krahmer, has found a flaw in the Samba main smbd code which could allow an external attacker to remotely and anonymously gain Super User (root) privileges on a server running a Samba server."
"A buffer overrun condition exists in the SMB/CIFS packet fragment re-assembly code in smbd which would allow an attacker to cause smbd to overwrite arbitrary areas of memory in its own process address space. This could allow a skilled attacker to inject binary specific exploit code into smbd."
Read the full advisory at:
SOLUTION
It is recommended that all Gentoo Linux users who are running net-fs/samba upgrade to samba-2.2.8 as follows:
emerge sync emerge s...Read the Full Advisory
Resolution
References
Availability
style>.gentoo_availability{display:block;}
Concerns
PREVIOUS 
NEXT Severity
critical
Lowest
Low
Medium
High
Critical
PACKAGE : samba
SUMMARY : buffer overrun
DATE : 2003-03-17 09:22 UTC
EXPLOIT : remote
VERSIONS AFFECTED : <2.2.8 : fixed version>=2.2.8
CVE : CAN-2003-0085 CAN-2003-0086
Background
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Affected Packages
Impact
Workaround
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!