Samba - Local hacker automatic control
| Version: | 3.0.26 and prior. |
| Technical Details: | As reported by Secunia Research, a buffer overflow vulnerability exists in the "reply_netbios_packet()" function in Samba, provided that the Samba server has been configured as a WINS Server. The vulnerability can be triggered by passing crafted WINS "Name Registration" requests followed by a WINS "Name Query" request. |
Description: |
Secunia Research have discovered a vulnerability with Samba that could lead to unprivileged accounts being able to run software of their choice on Samba servers that have been configured as a WINS Server. |
Mitigation: |
Update to Samba version 3.0.27 at the earliest opportunity. |
Updates: |
http://us1.samba.org/samba/security/CVE-2007-4572.html |
Source: |
http://secunia.com/secunia_research/2007-90/ |
Exploits: |
|
| External Tracking Data: | CVE-ID: CVE-2007-5398 CVE-ID: 2007-4572 |
Social bookmark this page
More information:
Subscribe to our feed.Security Portal202420232022202120202019201820172016201520142013201220112010200920082007 - December - NovemberFLAC (Free Lossless Audio Codec) - Remote hacker manual controlQuickTime - Remote hacker automatic controlMicrosoft JET - Remote hacker manual controlSamba - Local hacker automatic controlOS X 10.5 - Remote hacker manual data theftiPhone - Remote hacker automatic controlQuickTime - Remote hacker automatic controlSafari - Remote hacker automatic controlOS X 10.4 - Remote hacker automatic control - October - September - August - July - June - May - April - March - February - January20062005
Focussed Advisories
Reach Us:
Reach us at
info@beskerming.com
Reach us via IM
Jabber:
Server - jabber.org.au
Account - Sunnet.Beskerming
AIM / iChat:
sunnetbeskerming
ICQ:
339742914
Google Talk:
Sunnet.Beskerming
Yahoo! Messenger:
sunnet.beskerming
MSN:
info@beskerming.com
Testimonials
"...extremely timely, accurate reporting..."
"...honesty which is refreshing..."