Note: This is an archival copy of Security Sun Alert 201487 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1001112.1.
Article ID : 1001112.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2003-05-27
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Security Vulnerability in Samba(7) versions 2.2.2 through 2.2.8 May Allow Remote User Unauthorized Privileges
Category
Security

Release Phase
Resolved

Product
Solaris 9 Operating System

Bug Id
4833908

Date of Workaround Release
18-APR-2003

Date of Resolved Release
28-MAY-2003

Impact

Several buffer overflows have been found in Samba(7), at least one of which may allow a remote unprivileged user to execute arbitrary code with the privileges of the Super User (typically root), on a Solaris 9 system running as a Samba(7) server.

This issue is described in CERT Vulnerability Notes VU#298233 (see http://www.kb.cert.org/vuls/id/298233) and VU#267873 (see http://www.kb.cert.org/vuls/id/267873).


Contributing Factors

This issue can occur in the following releases:

SPARC Platform

  • Solaris 9 without patch 114684-02

x86 Platform

  • Solaris 9 without patch 114685-02

Only systems configured as Samba servers running Samba versions 2.0.x through 2.2.8 are vulnerable to this issue. To determine whether a system is configured as a Samba server (the presence of the configuration file indicates that it is), run the following command:

    % ls -l /etc/sfw/smb.conf

To determine the version of Samba installed, the following command can be run:

    % /usr/sfw/sbin/smbd -V
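The two commands above, together with the patch identifiers in the Contributing Factors section, are enough to script the check. The following POSIX sh script is an added example and is not Sun's or the Samba Team's code; it assumes that "smbd -V" prints a line of the form "Version X.Y.Z" and that "showrev -p" prints one "Patch: <id>-<rev> ..." line per installed patch. The version-range logic follows the Contributing Factors text (2.0.x through 2.2.8) and goes slightly beyond it by treating a lettered release such as 2.2.8a as newer than 2.2.8, hence outside the stated range. The showrev sample in the script is constructed, not captured from a real host.

```shell
#!/bin/sh
# Added example (not Sun's or the Samba Team's code): checks a Solaris 9 host
# against Sun Alert 201487 using the three facts the advisory gives:
#   1. /etc/sfw/smb.conf exists  -> host is configured as a Samba server
#   2. /usr/sfw/sbin/smbd -V     -> installed Samba version
#   3. patch 114684-02 (SPARC) / 114685-02 (x86) or later fixes the issue
# Assumptions: "smbd -V" prints "Version X.Y.Z" and "showrev -p" prints one
# "Patch: <id>-<rev> ..." line per installed patch.

# True (0) when $1 is a non-empty string of decimal digits.
is_number() {
    case $1 in
        ''|*[!0-9]*) return 1 ;;
        *)           return 0 ;;
    esac
}

# Strip leading zeros so a revision such as "02" compares as 2.
dec() {
    n=$(printf '%s' "$1" | sed 's/^0*//')
    printf '%s' "${n:-0}"
}

# Extract the first dotted version token from a line such as "Version 2.2.8".
smbd_version_from_output() {
    printf '%s\n' "$1" | tr ' ' '\n' | grep '^[0-9][0-9]*\.[0-9]' | head -n 1
}

# Returns 0 when the version is inside the range named in Contributing
# Factors (2.0.x through 2.2.8), 1 when outside, 2 when unparseable.
# A lettered release such as 2.2.8a sorts after 2.2.8 and is therefore
# treated as outside the stated range.
samba_version_affected() {
    v=$1
    maj=${v%%.*}
    rest=${v#*.};     [ "$rest" = "$v" ] && rest=0
    min=${rest%%.*}
    rest2=${rest#*.}; [ "$rest2" = "$rest" ] && rest2=0
    pat=${rest2%%[!0-9]*}       # digits before any letter suffix
    suffix=${rest2#"$pat"}      # e.g. "a" in 2.2.8a
    is_number "$maj" && is_number "$min" && is_number "$pat" || return 2
    [ "$maj" -eq 2 ] || return 1
    [ "$min" -lt 2 ] && return 0
    [ "$min" -eq 2 ] || return 1
    [ "$pat" -lt 8 ] && return 0
    [ "$pat" -eq 8 ] && [ -z "$suffix" ] && return 0
    return 1
}

# Returns 0 when the showrev listing in $1 contains patch $2 at revision >= $3.
patch_installed() {
    listing=$1; base=$2; minrev=$(dec "$3")
    for rev in $(printf '%s\n' "$listing" | sed -n "s/^Patch: $base-\([0-9][0-9]*\).*/\1/p"); do
        [ "$(dec "$rev")" -ge "$minrev" ] && return 0
    done
    return 1
}

# Live check using the commands quoted in the advisory. Exit status:
# 0 not affected or not a Samba server, 1 vulnerable, 2 could not determine.
check_host() {
    if [ ! -f /etc/sfw/smb.conf ]; then
        echo "no /etc/sfw/smb.conf: not configured as a Samba server"
        return 0
    fi
    out=$(/usr/sfw/sbin/smbd -V 2>/dev/null) || { echo "cannot run smbd -V"; return 2; }
    ver=$(smbd_version_from_output "$out")
    rc=0; samba_version_affected "$ver" || rc=$?
    case $rc in
        1) echo "Samba $ver is outside the affected range"; return 0 ;;
        2) echo "cannot parse Samba version from: $out";  return 2 ;;
    esac
    case $(uname -p) in
        sparc) patch=114684 ;;   # SPARC patch id from the advisory
        *)     patch=114685 ;;   # x86 patch id from the advisory
    esac
    if patch_installed "$(showrev -p 2>/dev/null)" "$patch" 02; then
        echo "Samba $ver with patch $patch-02 or later installed: fixed"
        return 0
    fi
    echo "VULNERABLE: Samba $ver without patch $patch-02"
    return 1
}

# Constructed sample of "showrev -p" output (not captured from a real host),
# used to exercise patch_installed without a Solaris box.
SAMPLE_SHOWREV='Patch: 112233-12 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWexample
Patch: 114684-02 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWexample'

# Run the live check only when invoked as "sh samba_check.sh run", so the
# functions can also be sourced into other scripts.
if [ "${1:-}" = run ]; then
    check_host
fi
```

Run it as "sh samba_check.sh run" on the host being assessed; an exit status of 1 means the host serves Samba in the affected range without the fixing patch for its platform. The version parsing and patch parsing are kept in separate functions so they can be tested against captured output without access to a Solaris system.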

Note: Solaris 2.6, 7, and 8 do not include the Samba software and are not affected by this issue. Sun does, however, include Samba on the Solaris Companion CD for Solaris 8 as an unsupported package that installs to /opt/sfw, and that package is vulnerable to this issue. Sites using the freeware version of Samba from the Solaris Companion CD will have to upgrade to a later version from Samba.org.


Symptoms

There are no predictable symptoms that would show the described issue has been exploited to gain root privileges.


Workaround

Workaround information can be found in the "Protecting an unpatched Samba server" section from the Samba Team announcement for version 2.2.8 at: http://www.samba.org/samba/whatsnew/samba-2.2.8.html.


Resolution

This issue is addressed in the following releases:

SPARC Platform

  • Solaris 9 with patch 114684-02 or later

x86 Platform

  • Solaris 9 with patch 114685-02 or later


Modification History
Date: 28-MAY-2003
  • State: Resolved
  • Updated Contributing Factors and Resolution sections


References

114684-02
114685-02
