SECUNIA ADVISORY ID: SA24046
VERIFY ADVISORY: http://secunia.com/advisories/24046/
CRITICAL: Moderately critical
IMPACT: DoS, System access
SOFTWARE: Samba 3.x - http://secunia.com/product/2999/
DESCRIPTION: Some vulnerabilities have been reported in Samba, which can be exploited by malicious users to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.
1) Under certain conditions, smbd fails to remove requests from the deferred file open queue. This can be exploited to cause a DoS due to heavy resource usage by triggering an infinite loop when renaming a file under special circumstances.
2) Samba uses filenames as format string parameter in a call to "sprintf()" when setting Windows NT Access Control Lists using the afsacl.so VFS plugin. This can potentially be exploited to execute arbitrary code.
Successful exploitation requires that an AFS file system is shared to CIFS clients using the afsacl.so VFS module and that the attacker has write access to the share.
SOLUTION: Update to version 3.0.24.
PROVIDED AND/OR DISCOVERED BY:
1) Reported by the vendor.
2) The vendor credits zybadawg333.
ORIGINAL ADVISORY:
http://us1.samba.org/samba/security/CVE-2007-0452.html
http://us1.samba.org/samba/security/CVE-2007-0454.html
Samba Denial of Service and Format String VulnerabilityPosted on Tuesday, February 06, 2007 @ 04:52:21 CST in Security |
Related
![[Valid RSS]](https://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
