Samba send_mailslot() Buffer Overflow Vulnerability

Details are emerging about a moderately critical vulnerability in Samba. A flaw in Samba may lead to a buffer overflow resulting in execution of arbitrary code.

It was recently announced that a vulnerability exists in Samba, caused by a boundary error within the "send_mailslot()" function. This boundary error can be exploited to cause a stack-based buffer overflow with zero bytes via a specially crafted "SAMLOGON" domain logon packet containing a username string placed at an odd offset followed by an overly long GETDC string.

Successful exploitation of the vulnerability allows execution of arbitrary code, but requires that the "domain logons" option is enabled.
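Because the flaw is only reachable when "domain logons" is enabled, a quick exposure check is to read that setting out of smb.conf. The following is an added example, not part of the advisory or of Samba itself; it assumes standard smb.conf syntax (case- and whitespace-insensitive names, `#`/`;` comments, backslash continuations), treats parameters before any section header as global, and does not follow `include` directives.

```python
import re

TRUTHY = {"yes", "true", "on", "1"}  # boolean spellings treated as enabled

def _norm(name):
    # smb.conf ignores case and all whitespace in section and parameter names
    return re.sub(r"\s+", "", name).lower()

def logical_lines(text):
    """Yield lines with comments dropped and backslash continuations joined."""
    pending = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not pending and (not line or line[0] in "#;"):
            continue
        if line.endswith("\\"):
            pending += line[:-1].rstrip() + " "
            continue
        yield pending + line
        pending = ""
    if pending:
        yield pending.strip()

def domain_logons_enabled(text):
    """Return True if [global] ends up with 'domain logons' set to a true value."""
    section = "global"  # assumption: parameters before any header count as global
    enabled = False     # Samba's default for 'domain logons' is no
    for line in logical_lines(text):
        if line.startswith("[") and line.endswith("]"):
            section = _norm(line[1:-1])
            continue
        name, sep, value = line.partition("=")
        if sep and section == "global" and _norm(name) == "domainlogons":
            enabled = value.strip().lower() in TRUTHY  # last assignment wins
    return enabled

# Constructed sample configurations (not taken from any real host)
EXPOSED = """[global]
   workgroup = EXAMPLE
   ; domain logons = no
   Domain  Logons = Yes
"""
NOT_EXPOSED = """[global]
   # domain logons = yes
[homes]
   domain logons = yes
"""

if __name__ == "__main__":
    print(domain_logons_enabled(EXPOSED), domain_logons_enabled(NOT_EXPOSED))
```

A host where this returns True meets the precondition described above and should be prioritized for the patch or workaround.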

A patch and a workaround have been made available.

More information can be found below.

Samba's advisory:

Secunia advisory:

CVE-2007-6015 (Candidate):

Posted by Nathan Heck on December 14, 2007, in Handlers Log.
