Samba smbd Security Descriptor Parsing Remote Overflow
Critical Nessus Plugin ID 15985
SynopsisRemote code may be run on the remote server.
DescriptionThe remote Samba server, according to its version number, is vulnerable to a remote buffer overrun resulting from an integer overflow vulnerability.
To exploit this flaw, an attacker would need to send to the remote host a malformed packet containing hundreds of thousands of ACLs, which would in turn cause an integer overflow resulting in a small pointer being allocated.
An attacker needs a valid account or enough credentials to exploit this flaw.
SolutionUpgrade to Samba 3.0.10 or later.