Signature Detail

SMB: Mangling File Buffer Overflow

This signature detects attempts to exploit a known vulnerability in the mangling functionality in Samba. A successful attacker can execute arbitrary code with Samba process privileges.

Extended Description

Samba is reported prone to an undisclosed buffer overrun vulnerability, the buffer overrun is reported to exist when Samba is handling file name mangling with the "hash" method. It is conjectured that this vulnerability may present itself when the affected server handles a filename that is sufficient to trigger the vulnerability. To exploit this vulnerability, an attacker may require sufficient access so that they may write a file to a published samba share. It is reported that the vulnerability does not exist in default Samba configurations; by default, Samba is configured to employ "hash2" name mangling. The "hash2" method is not vulnerable. This vulnerability is reported to affect Samba version 3.0.0 and later.

Affected Products

• Conectiva Linux 3.0.0
• Conectiva Linux 8.0.0
• Conectiva Linux 9.0.0
• HP CIFS/9000 Server A.01.11.01
• HP HP-UX B.11.00
• HP HP-UX B.11.11
• HP HP-UX B.11.22
• HP HP-UX B.11.23
• Red Hat Advanced Workstation for the Itanium Processor 2.1.0
• Red Hat Enterprise Linux AS 2.1
• Red Hat Enterprise Linux ES 2.1
• Red Hat Enterprise Linux WS 2.1
• Red Hat Fedora Core1
• Red Hat Fedora Core2
• Red Hat Linux 7.3.0
• Red Hat Linux 7.3.0 I386
• Red Hat Linux 7.3.0 I686
• Red Hat Linux 9.0.0 I386
• Samba 3.0.0
• Samba 3.0.0 Alpha
• Samba 3.0.1
• Samba 3.0.2
• Samba 3.0.2 A
• Samba 3.0.3
• Samba 3.0.4
• Samba 3.0.4 -R1
• Sun Solaris 9 Sparc
• Sun Solaris 9 X86
• Trustix Secure Enterprise Linux 2.0.0
• Trustix Secure Linux 1.5.0
• Trustix Secure Linux 2.0.0
• Trustix Secure Linux 2.1.0

References

• BugTraq: 10781
• CVE: CVE-2004-0686
• URL: http://xforce.iss.net/xforce/xfdb/16786
• URL: http://marc.theaimsgroup.com/?l=bugtraq&m=109051340810458&w=2