[Security Problem] --with-tdbsam
Jeremy Allison
jra at samba.org
Mon Jul 1 15:28:01 GMT 2002
On Mon, Jul 01, 2002 at 09:39:46PM +0900, Yasuma Takeda wrote:
>
> In Samba-JP, "buffer overflow" problem was reported.
>
> If samba is configured with "--with-tdbsam", init_sam_from_buffer function
> contains a buffer overflow vulnerability.
>
> In a certain case, user can use this vulnerability by changing his password.
>
> Please examine this security problem and take measures to be necessary.
Ok - in conversation with tridge we don't think this is an exploitable
hole. If you believe otherwise can you please mail samba-security at samba.org
with full exploit details.
This is a crash bug, and I am going to go fix that immediately, but we
don't think this is a security hole (but please send more details so we
can be sure).
Thanks !
Jeremy.
More information about the samba-technical
mailing list