Samba Patches Buffer Overflows

The Samba Project has issued a fix for a pair of buffer overflow flaws that could
lead to a malicious system compromise.

The flaws, which have been rated by research firm Secunia as “moderately critical,”
affect Samba versions 2.x and Samba 3.x. Both issues have been fixed in Samba
3.0.5, which can be downloaded here.

In an online advisory,
the project said the first vulnerability was caused due to a boundary error when decoding
base64 data during HTTP basic authentication. This could be exploited to cause a buffer
overflow .

The second flaw, which could also cause a buffer overflow, was discovered in the code
used to handle “mangling method = hash”.

Buffer overflows are the most common cause of malicious hacker break-ins. Attackers typically
launch buffer overflows wherein data with instructions to corrupt a system are purposely written
into a file in full knowledge that the data will overflow a buffer and cause data corruption.

Samba is an open-source implementation of Microsoft’s SMB/CIFS protocol for
file and printer sharing. It is used to allow a non-Windows server to communicate with the
same networking protocol as the Windows products. Originally developed for Unix, Samba can
now run on Linux, FreeBSD and other Unix variants.

News Around the Web