Multiple Buffer Overflows in Samba

A new samba patch was released yesterday to address two buffer overflows. The first allows for the execution of arbitrary code when the WINS support option is enabled. An attacker would send specially crafted WINS requests to take advantage of this vulnerability. The second d can be exploited by sending a specially crafted GETDC mailslot request. For this second exploit to succeed samba must be configured as a Domain Controller. Samba versions 3.0.0-3.0.26a are know to be vulnerable to these issues.
The original advisory and patches are available at:

Leave a Reply