Intrusion Prevention

Samba.NMBD.Logon.Request.Buffer.Overflow

Description

This indicates an attempt to exploit a Stack Overflow vulnerability in Samba server.
The vulnerability is caused by an error in "nmbd" when handling malformed "GETDC" server login requests. It may allow a remote attacker to execute arbitrary code by sending a crafted "GETDC" mailslot request.

Affected Products

Samba 3.0.0 through 3.0.26a

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Upgrade to the latest version, available from the web site:
http://us3.samba.org/samba/

CVE References

CVE-2007-4572