Samba NDR Parsing Unspecified Multiple Buffer Overflow Vulnerabilities

  Severity: CRITICAL
  CVE Identifier: CVE-2007-2446

  DESCRIPTION

Multiple heap-based buffer overflows in the NDR parsing in smbd in Samba 3.0.0 through 3.0.25rc3 allow remote attackers to execute arbitrary code via crafted MS-RPC requests involving (1) DFSEnum (netdfs_io_dfs_EnumInfo_d), (2) RFNPCNEX (smb_io_notify_option_type_data), (3) LsarAddPrivilegesToAccount (lsa_io_privilege_set), (4) NetSetFileSecurity (sec_io_acl), or (5) LsarLookupSids/LsarLookupSids2 (lsa_io_trans_names).

  TREND MICRO PROTECTION INFORMATION

Apply associated Trend Micro DPI Rules.

  SOLUTION

  Trend Micro Deep Security DPI Rule Number: 1001021
  Trend Micro Deep Security DPI Rule Name: 1001021 - Samba LSA RPC API_LSA_LOOKUP_SIDS Heap Overflow

  AFFECTED SOFTWARE AND VERSION

  • Samba Samba 3.0.0
  • Samba Samba 3.0.1
  • Samba Samba 3.0.10
  • Samba Samba 3.0.11
  • Samba Samba 3.0.12
  • Samba Samba 3.0.13
  • Samba Samba 3.0.14
  • Samba Samba 3.0.14a
  • Samba Samba 3.0.15
  • Samba Samba 3.0.16
  • Samba Samba 3.0.17
  • Samba Samba 3.0.18
  • Samba Samba 3.0.19
  • Samba Samba 3.0.2
  • Samba Samba 3.0.20
  • Samba Samba 3.0.20a
  • Samba Samba 3.0.20b
  • Samba Samba 3.0.21
  • Samba Samba 3.0.21a
  • Samba Samba 3.0.21b
  • Samba Samba 3.0.21c
  • Samba Samba 3.0.22
  • Samba Samba 3.0.23
  • Samba Samba 3.0.23a
  • Samba Samba 3.0.23b
  • Samba Samba 3.0.23c
  • Samba Samba 3.0.23d
  • Samba Samba 3.0.24
  • Samba Samba 3.0.25 pre1
  • Samba Samba 3.0.25 pre2
  • Samba Samba 3.0.25 rc1
  • Samba Samba 3.0.25 rc2
  • Samba Samba 3.0.25 rc3
  • Samba Samba 3.0.2a