Samba is "an Open Source/Free Software suite that has, since 1992, provided file and print services to all manner of SMB/CIFS clients, including the numerous versions of Microsoft Windows operating systems. Samba is freely available under the GNU General Public License". Secunia Research has discovered a vulnerability in Samba, which can be exploited by malicious people to compromise a vulnerable system.
The vulnerability is caused due to a boundary error within the "send_mailslot()" function. This can be exploited to cause a stack-based buffer overflow with zero bytes via a specially crafted "SAMLOGON" domain logon packet containing a username string placed at an odd offset followed by an overly long GETDC string.
Successful exploitation allows execution of arbitrary code, but requires that the "domain logons" option is enabled.
Time Table:
22/11/2007 - Vendor notified.
22/11/2007 - vendor-sec notified.
23/11/2007 - Vendor response.
10/12/2007 - Public disclosure.
