Intrusion Prevention

Linux.Kernel.SMB.Filesystem.smb_proc_read.Buffer.Overflow

Description

This indicates an attack attempt against a Buffer Overflow vulnerability in the Linux kernel.
The vulnerability is due to insufficient validation of the data length in certain SMB packages. Specially crafted SMB "Read" and "ReadAndX" responses can trigger a buffer overflow when the kernel copies the data to an allocated buffer.

Affected Products

Linux Kernel Project Linux Kernel 2.4.0 - 2.4.27
Linux Kernel Project Linux Kernel 2.6.x

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Apply the latest update from the vendor.
http://kernel.org/pub/linux/kernel/

CVE References

CVE-2004-0883