Check Point Advisories

Samba SRVSVC RPC sec_io_acl Request Handling Heap Buffer Overflow

Check Point Reference: CPAI-2012-034
Date Published: 24 Jan 2012
Severity: Critical
Last Updated: Monday 25 November, 2024
Source:

CVE-2007-2446

Protection Provided by:

Security Gateway

R75
Who is Vulnerable?

Samba Team Samba 3.x, 3.0.25rc3 and prior

Vulnerability Description

A heap-based buffer overflow vulnerability exists in the way Samba handles RPC messages.
Vulnerability Details

The vulnerability is due to a boundary error while performing specific RPC operations. Remote unauthenticated attackers can exploit this vulnerability by sending a specially crafted RPC request to the SRVSVC RPC interface. The vulnerability is due to a boundary error while performing specific RPC operations.

Protection Overview

This protection will detect and block attempts to exploit this vulnerability.

Security Gateway R75 / R71 / R70

  1. In the IPS tab, click Protections and find the Samba SRVSVC RPC sec_io_acl Request Handling Heap Buffer Overflow protection using the Search tool and Edit the protection’s settings.
  2. Install policy on all modules.

SmartView Tracker will log the following entries:
Attack Name: MS-RPC Enforcement Violation
Attack Information: Samba SRVSVC RPC sec_io_acl request handling heap buffer overflow

×
  Feedback
This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.
OK