[SECURITY] Samba 2.2.8 available for download

Green, Paul Paul.Green at stratus.com
Sun Mar 30 20:12:59 GMT 2003


Green, Paul [mailto:Paul.Green at stratus.com] wrote:
> The 2.2.8 release notes say:
> 
> > A buffer overrun condition exists in the SMB/CIFS packet fragment
> > re-assembly code in smbd which would allow an attacker to cause smbd
> > to overwrite arbitrary areas of memory in its own process address
> > space. This could allow a skilled attacker to inject binary specific
> > exploit code into smbd.

I have written a short test case (available upon request) to confirm that
Stratus VOS, when running on the HP PA-RISC hardware, is not susceptible to
such an attack.  While such an attack can indeed be used to insert code onto
the VOS stack, as soon as the processor attempts to begin executing the code
it will take a no-execute permission fault or an invalid-page fault.
Therefore, the last sentence of this warning in the 2.2.8 release notes
about "inject[ing] binary specific exploit code into smbd" does not apply to
VOS on HP PA-RISC.

As other experts have noted, there are probably other OS/Hardware
combinations that are also immune to this attack.  I hope other maintainers
will post such information so that we can have a public record, and not
needlessly scare our customers.

Thanks
PG
--
Paul Green, Senior Technical Consultant,
Stratus Technologies, Maynard, MA USA
Voice: +1 978-461-7557; FAX: +1 978-461-3610
Speaking from Stratus not for Stratus
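
A defender-side way to record the same property on another platform, as an added example that is not part of the original post or of Samba: it assumes a Linux host and the `/proc/<pid>/maps` text format (not VOS), and reports whether the `[stack]` mapping carries execute permission. The sample listings and all function names are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

enum stack_state { STACK_NOT_FOUND = -1, STACK_NOEXEC = 0, STACK_EXEC = 1 };

/* Constructed sample listings in Linux /proc/<pid>/maps format. */
static const char SAMPLE_NX[] =
    "00400000-00452000 r-xp 00000000 08:02 173521 /usr/sbin/smbd\n"
    "7ffd1c000000-7ffd1c021000 rw-p 00000000 00:00 0 [stack]\n";
static const char SAMPLE_EXEC[] =
    "00400000-00452000 r-xp 00000000 08:02 173521 /usr/sbin/smbd\n"
    "7ffd1c000000-7ffd1c021000 rwxp 00000000 00:00 0 [stack]\n";

/* Line fields: range perms offset dev inode [path]; only [stack] is classified. */
static enum stack_state classify_line(const char *line)
{
    char perms[5] = "", path[256] = "";
    if (sscanf(line, "%*s %4s %*s %*s %*s %255s", perms, path) != 2 ||
        strcmp(path, "[stack]") != 0)
        return STACK_NOT_FOUND;
    return strchr(perms, 'x') ? STACK_EXEC : STACK_NOEXEC;
}

enum stack_state stack_state_from_maps(const char *maps)
{
    char line[512];
    while (*maps) {
        size_t len = strcspn(maps, "\n");
        size_t n = len < sizeof line - 1 ? len : sizeof line - 1;
        memcpy(line, maps, n);            /* copy one line, truncating if long */
        line[n] = '\0';
        enum stack_state s = classify_line(line);
        if (s != STACK_NOT_FOUND)
            return s;
        maps += len + (maps[len] == '\n'); /* step past the newline, if any */
    }
    return STACK_NOT_FOUND;
}

int main(void)
{
    static char text[1 << 16];
    FILE *f = fopen("/proc/self/maps", "r");   /* Linux only (assumption) */
    size_t got = f ? fread(text, 1, sizeof text - 1, f) : 0;
    if (f) fclose(f);
    text[got] = '\0';
    printf("this process: %d (1=exec, 0=noexec, -1=not found)\n",
           stack_state_from_maps(text));
    return 0;
}
```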


