Vulnerability Assessment & Network Security Forums

If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.

Home >> Browse Vulnerability Assessment Database >> SuSE Local Security Checks >> SUSE-SA:2002:045: samba

Vulnerability Assessment Details

SUSE-SA:2002:045: samba

Vulnerability Assessment Summary
Check for the version of the samba package

Detailed Explanation for this Vulnerability Assessment

The remote host is missing the patch for the advisory SUSE-SA:2002:045 (samba).

Samba developer Steve Langasek found a security problem in samba, the
widely known free implementation of the SMB protocol.

The error consists of a buffer overflow in a commonly used routine
that accepts user input and may write up to 127 bytes past the end of
the buffer allocated with static length, leaving enough room for
an exploit. The resulting vulnerability can be exploited locally
in applications using the pam_smbpass Pluggable Authentication Module
(PAM). It may be possible to exploit this vulnerability remotely,
causing the running smbd to crash or even to execute arbitrary code.

The samba package is installed by default only on the SUSE LINUX
Enterprise Server. SUSE LINUX products do not have the samba and
samba-client packages installed by default.
The samba packages in SUSE LINUX version 7.1 and before are not affected
by this vulnerability.
For the bug to be exploited, your system has to be running the smbd
samba server, or an administrator must have (manually) changed the
configuration of the PAM authentification subsystem to enable the use
of the pam_smbpass module. The samba server process(es) are not activated
automatically after installation (of the package).

The samba subsystem on SUSE products is split into two different
subpackages: samba and smbclnt up to and including SUSE LINUX 7.2, on
SUSE LINUX 7.3 and newer the package names are samba and samba-client.
To completely remove the vulnerability, you should update all of the
installed packages.

We wish to express our gratitude to the samba development team and
in particular to Steve Langasek and Volker Lendecke who provided the
patches and communicated them to the vendors. Please know that the
samba team will release the new version 2.2.7 of the samba software to
address the security fix at the same time as this announcement gets
published. More information about samba (and the security fix) is
available at

Please download the update package for your distribution and verify its
integrity by the methods listed in section 3) of this announcement.
Then, install the package using the command 'rpm -Fhv file.rpm' to apply
the update.

Solution :
Network Security Threat Level: High

Networks Security ID:

Vulnerability Assessment Copyright: This script is Copyright (C) 2004 Tenable Network Security

Cables, Connectors

Cisco Tandberg Codian ISDN GW 3241 TelePresence Gateway
Cisco Tandberg Codian ISDN GW 3241 TelePresence Gateway pictureAvaya B179 SIP Conference Phone
Avaya B179 SIP Conference Phone picture(Lot of 3) Nortel BES1020-24T-PWR & Nortel BES1020-48T-PWR Network Switches
(Lot of 3) Nortel BES1020-24T-PWR & Nortel BES1020-48T-PWR Network Switches pictureAS-2000 4-Paralle I/O Port Data Switch A-B-C-D
AS-2000 4-Paralle I/O Port Data Switch A-B-C-D picture


No Discussions have been posted on this vulnerability.