• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Samba Multiple Unspecified Remote Buffer Overflow Vulnerabilities

Multiple remote buffer overflow vulnerabilities have been reported for Samba and Samba-TNG. Although unspecified, it is likely that these issues are exploitable by an attacker to execute arbitrary code. All code executed in this manner would be run with the privileges of Samba, typically root.

These vulnerabilities are reported to affect Samba 2.2.8 and Samba-TNG 0.3.1.

** Reports suggest that an automated attack utility may be actively exploiting this vulnerability likely through a bruteforce attack. Although unconfirmed, it may be possible that this may be a worm.

The attack utility has been reported to create several files and drop a trojaned version of the sshd.

Reportedly, the trojaned SSH daemon listens for connections on port 44444.

This attack utility was only observed to be attacking FreeBSD systems however, it is likely that other systems are also affected.