Samba 3.3.12 Memory Corruption Vulnerability
The information has been provided by Jun Mao.
The original article can be found at: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=873
* Samba version 3.3.12
This vulnerability exists in a certain function within Samba. An attacker can trigger memory corruption by sending specially crafted SMB requests, causing heap memory to be overwritten with attacker-supplied data, which can allow remote code execution.
Samba has released patches to address this issue. Information about downloadable vendor updates can be found by clicking on the following URL:
Firewalls should be used to prevent unauthorized connections to Samba ports.
06/04/2010 Initial Vendor Notification
06/04/2010 Initial Vendor Reply
06/16/2010 Coordinated Public Disclosure