Buffer Overflow Vulnerability in Samba

vendor:

Samba

by:

SecurityFocus

7.5

CVSS

HIGH

Buffer Overflow

120

CWE

Product Name: Samba

Affected Version From: Samba 2.2.8

Affected Version To: Samba-TNG 0.3.1

Patch Exists: YES

Related CWE: N/A

CPE: //a:samba:samba

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2002

Buffer Overflow Vulnerability in Samba

A buffer overflow vulnerability has been reported for Samba. The problem occurs when copying user-supplied data into a static buffer. By passing excessive data to an affected Samba server, it may be possible for an anonymous user to corrupt sensitive locations in memory. Successful exploitation of this issue could allow an attacker to execute arbitrary commands, with the privileges of the Samba process.

Mitigation:

Upgrade to the latest version of Samba

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/7294/info
   
A buffer overflow vulnerability has been reported for Samba. The problem occurs when copying user-supplied data into a static buffer. By passing excessive data to an affected Samba server, it may be possible for an anonymous user to corrupt sensitive locations in memory.
   
Successful exploitation of this issue could allow an attacker to execute arbitrary commands, with the privileges of the Samba process.
   
It should be noted that this vulnerability affects Samba 2.2.8 and earlier. Samba-TNG 0.3.1 and earlier are also affected. 

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/22471.tar.gz