Details are emerging about a moderately critical vulnerability in Samba. A flaw in Samba may lead to a buffer overflow resulting in execution of arbitrary code.
It was recently announced that a vulnerability exists in samba which is caused by a boundary error within the "send_mailslot()" function. This boundary error can be exploited to cause a stack-based buffer overflow with zero bytes via a specially crafted "SAMLOGON" domain logon packet containing a username string placed at an odd offset followed by an overly long GETDC string.
Successful exploitation of the vulnerability allows execution of arbitrary code, but requires that the "domain logons" option is enabled.
A patch and a workaround have been made available.
More information can be found below.
Posted by Nathan Heck on December 14, 2007, in Handlers Log.