Samba developer Steve Langasek found a security problem in samba, the widely known free implementation of the SMB protocol.
The error consists of a buffer overflow in a commonly used routine that accepts user input and may write up to 127 bytes past the end of the buffer allocated with static length, leaving enough room for an exploit. The resulting vulnerability can be exploited locally in applications using the pam_smbpass Pluggable Authentication Module (PAM). It may be possible to exploit this vulnerability remotely, causing the running smbd to crash or even to execute arbitrary code.
The samba package is installed by default only on the SUSE Linux Enterprise Server. SUSE Linux products do not have the samba and samba-client packages installed by default. The samba packages in SUSE Linux version 7.1 and before are not affected by this vulnerability. For the bug to be exploited, your system has to be running the smbd samba server, or an administrator must have (manually) changed the configuration of the PAM authentification subsystem to enable the use of the pam_smbpass module. The samba server process(es) are not activated automatically after installation (of the package).
The samba subsystem on SUSE products is split into two different subpackages: samba and smbclnt up to and including SUSE Linux 7.2, on SUSE Linux 7.3 and newer the package names are samba and samba-client. To completely remove the vulnerability, you should update all of the installed packages.
We wish to express our gratitude to the samba development team and in particular to Steve Langasek and Volker Lendecke who provided the patches and communicated them to the vendors. Please know that the samba team will release the new version 2.2.7 of the samba software to address the security fix at the same time as this announcement gets published. More information about samba (and the security fix) is available at http://www.samba.org.
Please download the update package for your distribution and verify its integrity by the methods listed in section 3) of this announcement. Then, install the package using the command "rpm -Fhv file.rpm" to apply the update. Our maintenance customers are being notified individually. The packages are being offered to install from the maintenance web.
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center