Note: This is an archival copy of Security Sun Alert 200564 as previously published on
Latest version of this security advisory is available from as Sun Alert 1000430.1.
Article ID : 1000430.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2003-04-15
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Security Vulnerability in Samba(7) Versions 2.2.2 Through 2.2.6 May Allow Remote User Unauthorized Privileges


Release Phase

Solaris 9 Operating System

Bug Id

Date of Resolved Release


When a Solaris 9 system is running as a Samba server, an uprivileged remote user may be able to execute arbitrary code or commands with superuser privileges. This user could request a password change that would allow root access on the target machine, then send an encrypted password, which, when decrypted with the old hashed password, could be used as a buffer overrun attack on the stack of smbd. This would cause the Samba server daemon smbd (Server Message Block protocol for UNIX systems) to crash.

This issue is described in CERT Vulnerability Notes VU#958321 at:

Contributing Factors

This issue can occur in the following releases:

SPARC Platform

  • Solaris 9 without patch 114684-01

x86 Platform

  • Solaris 9 without patch 114685-01

To determine if a system is configured as a Samba server, the following command can be run:

    % ls -l /etc/sfw/smb.conf

To determine the version of Samba installed, the following command can be run:

    % /usr/sfw/sbin/smbd -V

To see the smb.conf configuration file, the following command can be run:

    % /usr/sfw/bin/testparm

Note: Solaris 2.6, 7, and 8 do not include the Samba software and are not affected by this issue. Sun does include Samba on the Solaris Companion CD for Solaris 8 as an unsupported package which installs to /opt/sfw and is vulnerable to this issue. Sites using the freeware version of Samba from the Solaris Companion CD will have to upgrade to a later version from


There are no predictable symptoms that would show the described issue has been exploited to gain root privileges.


Workaround information can be found in the "Protecting an Unpatched Samba Server" section from the Samba Team announcement for version 2.2.8 at:


This issue is addressed in the following releases:

SPARC Platform

  • Solaris 9 with patch 114684-01 or later

x86 Platform

  • Solaris 9 with patch 114685-01 or later

Modification History



This solution has no attachment