Note: This is an archival copy of Security Sun Alert 249087 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1019924.1.
Solaris 9 Operating System
Solaris 10 Operating System
Date of Workaround Release
Date of Resolved Release
Security Vulnerability in samba(7) Specially Crafted Packet May Expose Arbitrary Buffer of Data
An information disclosure security vulnerability in Samba (SAMBA(7)) may allow a remote unprivileged user to read arbitrary memory buffer contents and cause a Denial of Service (DoS) via crafted requests.
Additional information on this issue can be found in the following document:
2. Contributing Factors
1. Solaris 8 does not include the Samba software and is therefore not affected by this issue.
To determine the version of Samba installed on a system, the following command can be run:
% /usr/sfw/sbin/smbd -V
To determine if a system is configured as a Samba server, the following command can be run to check for processes related to Samba:
% ps -ef | grep mbd
If the output shows "smbd" or "nmbd" running as a daemon (with the -D parameter), the system is configured as a Samba server.
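The process check above, as an added example that is not part of the original Sun Alert: a POSIX shell function that reads "ps -ef" output and reports only smbd or nmbd processes started with -D, so the grep process itself and a two-word STIME column do not affect the result. The function names and the sample process listing are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the Sun Alert): decide from `ps -ef` output
# whether smbd/nmbd are running as daemons (started with -D).

# Reads `ps -ef` output on stdin; prints each daemon name found once.
samba_daemons() {
    awk '
    {
        name = ""
        # Scan every field: the CMD column moves when STIME is "Jan 30".
        for (i = 1; i <= NF; i++) {
            n = split($i, parts, "/")
            base = parts[n]                 # basename of the field
            if (name == "" && (base == "smbd" || base == "nmbd")) {
                name = base                 # exact match, so "grep mbd" is skipped
            } else if (name != "" && $i == "-D") {
                print name                  # daemon mode confirmed
                break
            }
        }
    }' | sort -u
}

# Constructed sample listing (not captured from a real system).
sample_ps() {
cat <<'EOF'
     UID   PID  PPID   C    STIME TTY         TIME CMD
    root   412     1   0   Jan 30 ?           0:03 /usr/sfw/sbin/smbd -D
    root   415     1   0   Jan 30 ?           0:01 /usr/sfw/sbin/nmbd -D
    root   977   412   0 09:14:02 ?           0:00 /usr/sfw/sbin/smbd -D
   admin  1203  1190   0 09:20:11 pts/2       0:00 grep mbd
EOF
}

# Run against the live system only when asked: sh script.sh --live
if [ "${1:-}" = "--live" ]; then
    found=$(ps -ef | samba_daemons)
    if [ -n "$found" ]; then
        echo "Samba server daemons running:" $found
    else
        echo "No smbd/nmbd daemon (-D) processes found"
    fi
fi
```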
There are no predictable symptoms that would indicate the described vulnerability has been exploited to read arbitrary memory contents.
To work around the described issue for the Samba server, the Samba service may be stopped by using the following command:
On Solaris 9:
# /etc/init.d/samba stop
On Solaris 10 and later:
# svcadm disable samba
This issue is addressed in the following releases:
Copyright 2000-2009 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved.
30-Jan-2009: Updated Contributing Factors and Resolution sections for Solaris 9
02-Feb-2009: Updated Contributing Factors and Resolution sections for Solaris 10; now Resolved