SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (File Transfer/Sharing)  >   Samba Vendors:   Samba.org
Samba QFILEPATHINFO Buffer Overflow Lets Remote Authenticated Users Execute Arbitrary Code
SecurityTracker Alert ID:  1012235
SecurityTracker URL:  http://securitytracker.com/id/1012235
CVE Reference:   CVE-2004-0882   (Links to External Site)
Date:  Nov 15 2004
Impact:   Execution of arbitrary code via network, User access via network
Vendor Confirmed:  Yes  
Version(s): 3.0 - 3.0.7
Description:   A vulnerability was reported in Samba in the processing of QFILEPATHINFO requests. A remote authenticated user can execute arbitrary code on the target system.

Stefan Esser of e-matters GmbH reported that a remote authenticated user can send a specially crafted TRANSACT2_QFILEPATHINFO request for a specially crafted filename containing unicode characters to trigger a buffer overflow. When the filename's unicode characters are converted by the target server in constructing the reply, the space allocated by the server may be overflowed.

If the filename does not already exist on the target server, the remote authenticated user must have write access to create the specially crafted filename before issuing the request.

The vendor was notified on September 24, 2004.

Default installations are affected.

The original advisory is available at:

http://security.e-matters.de/advisories/132004.html

Impact:   A remote authenticated user can execute arbitrary code on the target system.
Solution:   The vendor has released a fixed version (3.0.8), available at:

http://www.samba.org/samba/download/

Vendor URL:  www.samba.org/ (Links to External Site)
Cause:   Boundary error

Message History:   This archive entry has one or more follow-up message(s) listed below.
Nov 19 2004 (Red Hat Issues Fix) Samba QFILEPATHINFO Buffer Overflow Lets Remote Authenticated Users Execute Arbitrary Code
Red Hat has released a fix for Red Hat Enterprise Linux 2.1 and 3.
Nov 19 2004 (Mandrake Issues Fix) Samba QFILEPATHINFO Buffer Overflow Lets Remote Authenticated Users Execute Arbitrary Code
Mandrake has released a fix.
Nov 26 2004 (Conectiva Issues Fix) Samba QFILEPATHINFO Buffer Overflow Lets Remote Authenticated Users Execute Arbitrary Code
Conectiva has released a fix.
Nov 30 2004 (Fedora Issues Fix for FC2) Samba QFILEPATHINFO Buffer Overflow Lets Remote Authenticated Users Execute Arbitrary Code
Fedora has released a fix for Fedora Core 2.
Nov 30 2004 (Fedora Issues Fix for FC3) Samba QFILEPATHINFO Buffer Overflow Lets Remote Authenticated Users Execute Arbitrary Code
Fedora has released a fix for Fedora Core 3.



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC