Buffer overflow in Samba
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2011-0719 |
| CWE-ID | CWE-119 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Samba Server applications / Directory software, identity management |
| Vendor | Samba |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
1) Buffer overflow
EUVDB-ID: #VU45287
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-0719
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
Samba 3.x before 3.3.15, 3.4.x before 3.4.12, and 3.5.x before 3.5.7 does not perform range checks for file descriptors before use of the FD_SET macro, which allows remote attackers to cause a denial of service (stack memory corruption, and infinite loop or daemon crash) by opening a large number of files, related to (1) Winbind or (2) smbd.
MitigationInstall update from vendor's website.
Vulnerable software versionsSamba: 3.0.0 - 3.5.6
External linkshttp://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056229.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056241.html
http://marc.info/?l=bugtraq&m=130835366526620&w=2
http://samba.org/samba/security/CVE-2011-0719.html
http://secunia.com/advisories/43482
http://secunia.com/advisories/43503
http://secunia.com/advisories/43512
http://secunia.com/advisories/43517
http://secunia.com/advisories/43556
http://secunia.com/advisories/43557
http://secunia.com/advisories/43843
http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.593629
http://support.apple.com/kb/HT4723
http://www.debian.org/security/2011/dsa-2175
http://www.mandriva.com/security/advisories?name=MDVSA-2011:038
http://www.redhat.com/support/errata/RHSA-2011-0305.html
http://www.redhat.com/support/errata/RHSA-2011-0306.html
http://www.samba.org/samba/history/samba-3.3.15.html
http://www.samba.org/samba/history/samba-3.4.12.html
http://www.samba.org/samba/history/samba-3.5.7.html
http://www.securityfocus.com/bid/46597
http://www.securitytracker.com/id?1025132
http://www.ubuntu.com/usn/USN-1075-1
http://www.vupen.com/english/advisories/2011/0517
http://www.vupen.com/english/advisories/2011/0518
http://www.vupen.com/english/advisories/2011/0519
http://www.vupen.com/english/advisories/2011/0520
http://www.vupen.com/english/advisories/2011/0522
http://www.vupen.com/english/advisories/2011/0541
http://www.vupen.com/english/advisories/2011/0702
http://bugzilla.redhat.com/show_bug.cgi?id=678328
http://exchange.xforce.ibmcloud.com/vulnerabilities/65724
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
