Description
Buffer overflow in the SMB/CIFS packet fragment re-assembly code for SMB daemon (smbd) in Samba before 2.2.8, and Samba-TNG before 0.3.1, allows remote attackers to execute arbitrary code.
Affected products
- HP / cifs-9000_server a.01.05
- HP / cifs-9000_server a.01.06
- HP / cifs-9000_server a.01.07
- HP / cifs-9000_server a.01.08
- HP / cifs-9000_server a.01.08.01
- HP / cifs-9000_server a.01.09
- HP / cifs-9000_server a.01.09.01
- Samba / Samba 2.0.7
- Samba / Samba 2.0.8
- Samba / Samba 2.0.9
- Samba / Samba 2.0.10
- Samba / Samba 2.2.0
- Samba / Samba 2.2.0a
- Samba / Samba 2.2.1a
- Samba / Samba 2.0.0
- Samba / Samba 2.2.3
- Samba / Samba 2.2.3a
- Samba / Samba 2.2.4
- Samba / Samba 2.2.5
- Samba / Samba 2.2.6
- Samba / Samba 2.2.7
- Samba / Samba 2.2.7a
- Samba / Samba 2.2.2
- Samba / Samba 2.0.1
- Samba / Samba 2.0.2
- Samba / Samba 2.0.3
- Samba / Samba 2.0.4
- Samba / Samba 2.0.5
- Samba / Samba 2.0.6
References
- MAILING_LIST: http://marc.info/?l=bugtraq&m=104792723017768&w=2
- MAILING_LIST: http://marc.info/?l=bugtraq&m=104792646416629&w=2
- MISC: http://www.gentoo.org/security/en/glsa/glsa-200303-11.xml
- MISC: http://www.securityfocus.com/archive/1/316165/30/25370/threaded
- MISC: http://www.redhat.com/support/errata/RHSA-2003-096.html
- MISC: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A552
- MAILING_LIST: http://marc.info/?l=bugtraq&m=104801012929374&w=2
- MISC: http://www.securityfocus.com/bid/7106
- MISC: http://www.redhat.com/support/errata/RHSA-2003-095.html
- MISC: http://www.kb.cert.org/vuls/id/298233
- VENDOR_ADVISORY: http://www.novell.com/linux/security/advisories/2003_016_samba.html
- VENDOR_ADVISORY: http://www.mandriva.com/security/advisories?name=MDKSA-2003:032
- MISC: http://www.securityfocus.com/archive/1/317145/30/25220/threaded
- VENDOR_ADVISORY: http://www.debian.org/security/2003/dsa-262
- VENDOR_ADVISORY: http://secunia.com/advisories/8303
- VENDOR_ADVISORY: ftp://patches.sgi.com/support/free/security/advisories/20030302-01-I
- VENDOR_ADVISORY: http://secunia.com/advisories/8299