samba
Page content
- Author: vmiklos
- Vulnerable: 3.0.26-2sayshell1
- Unaffected: 3.0.26-2sayshell2
Secunia Research has discovered a vulnerability in Samba, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error within the “send_mailslot()” function. This can be exploited to cause a stack-based buffer overflow with zero bytes via a specially crafted “SAMLOGON” domain logon packet containing a username string placed at an odd offset followed by an overly long GETDC string. Successful exploitation allows execution of arbitrary code, but requires that the “domain logons” option is enabled.
- Bug Tracker URL: http://bugs.frugalware.org/task/2666