Note: This is an archival copy of Security Sun Alert 200588 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000450.1.
Solaris 9 Operating System
Solaris 10 Operating System
Date of Workaround Release
Date of Resolved Release
Multiple security vulnerabilities in the Samba (samba(7)) software for Solaris may allow a local or remote user to issue unauthorized Samba operations or to execute arbitrary code or commands with elevated privileges. In addition, it may be possible for a remote authenticated user to cause the Samba service to consume excessive amounts of CPU and memory, resulting in a Denial of Service (DoS) to the system.
These issues are described in the following documents:
CVE-2007-2444 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2444
CVE-2007-2446 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2446
CVE-2007-2447 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2447
CVE-2007-0452 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0452
These issues can occur in the following releases:
with the following versions of Samba software:
To determine if a system is configured as a Samba server, the following command can be run to check for processes related to Samba:
% ps -ef | grep mbd root 317 1 0 May 26 ? 0:01 /usr/sfw/sbin/smbd -D root 325 317 0 May 26 ? 0:00 /usr/sfw/sbin/smbd -D root 314 1 0 May 26 ? 0:27 /usr/sfw/sbin/nmbd -D root 28369 17382 0 23:17:46 pts/2 0:00 grep mbd
If the output shows "smbd" or "nmbd" running as a daemon (with the -D parameter), the system is configured as a Samba server.
To determine the version of Samba installed on a system, the following command can be run:
% /usr/sfw/sbin/smbd -V Version 3.0.4
There are no predictable symptoms that would indicate the described vulnerabilities have been exploited to elevate privileges or execute code or shell commands. If these issues have been exploited to cause a denial of service on the host, one or more Samba related processes will be running and will be consuming an unusually large percentage of CPU time or memory. In addition, the host itself may be generally unresponsive.
To determine the CPU usage of the processes running on the system, a command such as the following can be used, which will sort the running process by CPU consumption (in descending order):
$ prstat -s cpu [...]
Memory usage on a system can be monitored with commands such as vmstat(1M).
Until patches can be applied, sites which are affected may wish to stop the samba(7) service on affected hosts by running the following command:
# /etc/init.d/samba stop
followed by checking that smbd(8) or nmbd(8) is not running :
% ps -ef | grep mbd
This issue is addressed in the following releases:
This solution has no attachment