• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Samba Filename Mangling Method Buffer Overrun Vulnerability

Samba is reported prone to an undisclosed buffer overrun vulnerability, the buffer overrun is reported to exist when Samba is handling file name mangling with the "hash" method.

It is conjectured that this vulnerability may present itself when the affected server handles a filename that is sufficient to trigger the vulnerability. To exploit this vulnerability, an attacker may require sufficient access so that they may write a file to a published samba share.

It is reported that the vulnerability does not exist in default Samba configurations; by default, Samba is configured to employ "hash2" name mangling. The "hash2" method is not vulnerable.

This vulnerability is reported to affect Samba version 3.0.0 and later.