Samba smbd Security Descriptor Parsing Remote Overflow

Critical Nessus Plugin ID 15985


Code may be run remotely on the server.


The remote Samba server, according to its version number, is vulnerable to a remote buffer overrun resulting from an integer overflow vulnerability.

To exploit this flaw, an attacker would need to send the remote host a malformed packet containing hundreds of thousands of ACLs, which would in turn cause an integer overflow, resulting in an undersized buffer being allocated.

An attacker needs a valid account or enough credentials to exploit this flaw.


Upgrade to Samba 3.0.10 or later.

Plugin Details

Severity: Critical

ID: 15985

File Name: samba_dacl_overflow.nasl

Version: $Revision: 1.12 $

Type: remote

Published: 2004/12/16

Modified: 2011/04/13

Dependencies: 10785

Risk Information

Risk Factor: Critical


Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:samba:samba

Required KB Items: SMB/NativeLanManager

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2005/02/11

Vulnerability Publication Date: 2004/12/16

Reference Information

CVE: CVE-2004-1154

BID: 11973

OSVDB: 12422