Note: This is an archival copy of Security Sun Alert 200588 as previously published on
Latest version of this security advisory is available from as Sun Alert 1000450.1.
Article ID : 1000450.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2007-10-23
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Multiple Security Vulnerabilities in samba(7) May Allow Remote Code Execution, Elevation of Privileges, Remote Shell Command Execution, or Denial of Service (DoS)


Release Phase

Solaris 9 Operating System
Solaris 10 Operating System

Bug Id
6557101, 6521788

Date of Workaround Release

Date of Resolved Release


Multiple security vulnerabilities in the Samba (samba(7)) software for Solaris may allow a local or remote user to issue unauthorized Samba operations or to execute arbitrary code or commands with elevated privileges. In addition, it may be possible for a remote authenticated user to cause the Samba service to consume excessive amounts of CPU and memory, resulting in a Denial of Service (DoS) to the system.

These issues are described in the following documents:

CVE-2007-2444 at 

CVE-2007-2446 at

CVE-2007-2447 at

CVE-2007-0452 at

Contributing Factors

These issues can occur in the following releases:

SPARC Platform

  • Solaris 9 without patch 114684-08
  • Solaris 10 without patch 119757-05

x86 Platform

  • Solaris 9 without patch 114685-08
  • Solaris 10 without patch 119758-05

with the following versions of Samba software:

  • Samba 3.0.0 through 3.0.25rc3
  • Samba 3.0.23d through 3.0.25pre2
  • 3.0.6 through 3.0.23d


  1. Solaris 8 does not include the Samba software and is therefore not affected by these issues.
  2. These issues will only impact a system configured as a Samba server.

To determine if a system is configured as a Samba server, the following command can be run to check for processes related to Samba:

    % ps -ef | grep mbd
    root   317     1   0   May 26 ?           0:01 /usr/sfw/sbin/smbd -D
    root   325   317   0   May 26 ?           0:00 /usr/sfw/sbin/smbd -D
    root   314     1   0   May 26 ?           0:27 /usr/sfw/sbin/nmbd -D
    root 28369 17382   0 23:17:46 pts/2       0:00 grep mbd

If the output shows "smbd" or "nmbd" running as a daemon (with the -D parameter), the system is configured as a Samba server.

To determine the version of Samba installed on a system, the following command can be run:

    % /usr/sfw/sbin/smbd -V
    Version  3.0.4



There are no predictable symptoms that would indicate the described vulnerabilities have been exploited to elevate privileges or execute code or shell commands. If these issues have been exploited to cause a denial of service on the host, one or more Samba related processes will be running and will be consuming an unusually large percentage of CPU time or memory. In addition, the host itself may be generally unresponsive.

To determine the CPU usage of the processes running on the system, a command such as the following can be used, which will sort the running process by CPU consumption (in descending order):

    $ prstat -s cpu

Memory usage on a system can be monitored with commands such as vmstat(1M).


Until patches can be applied, sites which are affected may wish to stop the samba(7) service on affected hosts by running the following command:

    # /etc/init.d/samba stop

followed by checking that smbd(8) or nmbd(8) is not running :

    % ps -ef | grep mbd


This issue is addressed in the following releases:

SPARC Platform

  • Solaris 9 with patch 114684-08 or later
  • Solaris 10 with patch 119757-05 or later

x86 Platform

  • Solaris 9 with patch 114685-08 or later
  • Solaris 10 with patch 119758-05 or later

Modification History
Date: 28-SEP-2007
  • Updated Synopsis, Impact, Contributing Factors, and Symptoms sections

Date: 11-OCT-2007
  • Updated Contributing Factors and Resolution sections

Date: 24-OCT-2007
  • Updated Contributing Factors and Resolution sections
  • State: Resolved



This solution has no attachment