Samba Patches Buffer Overflows

The Samba Project has issued a fix for a pair of buffer overflow flaws that could lead to a malicious system compromise.

The flaws, which have been rated by research firm Secunia as "moderately critical," affect Samba versions 2.x and Samba 3.x. Both issues have been fixed in Samba 3.0.5, which can be downloaded here.

In an online advisory, the project said the first vulnerability was caused due to a boundary error when decoding base64 data during HTTP basic authentication. This could be exploited to cause a buffer overflow .

The second flaw, which could also cause a buffer overflow, was discovered in the code used to handle "mangling method = hash".

Buffer overflows are the most common cause of malicious hacker break-ins. Attackers typically launch buffer overflows wherein data with instructions to corrupt a system are purposely written into a file in full knowledge that the data will overflow a buffer and cause data corruption.

Samba is an open-source implementation of Microsoft's SMB/CIFS protocol for file and printer sharing. It is used to allow a non-Windows server to communicate with the same networking protocol as the Windows products. Originally developed for Unix, Samba can now run on Linux, FreeBSD and other Unix variants.