Samba nmbd unstrcpy Buffer Overflow

August 22, 2014

Samba, which runs on most Unix and Unix-like systems, is a free software re-implementation of the SMB/CIFS networking protocol. Samba provides file and print services for various Microsoft Windows clients and can integrate with a Windows Server domain.

SMB/CIFS runs on top of NetBIOS, which provides three distinct services: Name service (NetBIOS-NS), Datagram distribution service (NetBIOS-DGM) and Session service (NetBIOS-SSN). Samba implements the NetBIOS-NS protocol using the "nmbd" daemon.

A heap buffer overflow vulnerability exists in Samba's nmbd daemon. Specifically, the vulnerability is due to a "sizeof" operation on an incorrect variable in the "unstrcpy" macro, so the copy is bounded by the wrong size. A remote attacker can exploit this vulnerability by sending crafted requests to the target Samba server. Successful exploitation would result in arbitrary code execution or a denial-of-service condition.

The vulnerability has been assigned CVE-2014-3560.
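The bug class described above, shown as an added illustration that is not Samba's code: a bounded-copy macro whose limit comes from "sizeof" on the wrong operand, next to a form that takes the limit from the destination. The type names, sizes, macro names and sample input are hypothetical and constructed for this example.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical fixed-size name types; sizes are assumptions for this
 * illustration and are not taken from Samba's headers. */
typedef char short_name[16];
typedef char long_name[64];

/* strlcpy-style copy: writes at most `bound` bytes, NUL included. */
static size_t bounded_copy(char *dst, const char *src, size_t bound)
{
    size_t len = strlen(src), i;
    if (bound == 0)
        return len;
    for (i = 0; i < bound - 1 && src[i] != '\0'; i++)
        dst[i] = src[i];
    dst[i] = '\0';
    return len;
}

/* Flawed: the bound is sizeof an unrelated, larger type. */
#define COPY_WRONG_BOUND(d, s) bounded_copy((char *)(d), (s), sizeof(long_name))
/* Corrected: the bound is sizeof the destination array itself. */
#define COPY_DEST_BOUND(d, s) bounded_copy((char *)(d), (s), sizeof(d))

/* Copies `src` into the 16-byte name at the start of a 64-byte block and
 * returns how many bytes beyond the name were modified. */
static size_t bytes_past_name(const char *src, int use_wrong_bound)
{
    char block[sizeof(long_name)];          /* stands in for one heap chunk */
    short_name *name = (short_name *)block; /* name occupies bytes 0..15 */
    size_t i, hit = 0;

    memset(block, 0xAA, sizeof block);      /* sentinel fill */
    if (use_wrong_bound)
        COPY_WRONG_BOUND(*name, src);
    else
        COPY_DEST_BOUND(*name, src);
    for (i = sizeof(short_name); i < sizeof block; i++)
        hit += ((unsigned char)block[i] != 0xAA);
    return hit;
}

int main(void)
{
    const char *input = "0123456789012345678901234567890123456789"; /* constructed, 40 bytes */
    return (bytes_past_name(input, 1) == 25 && bytes_past_name(input, 0) == 0) ? 0 : 1;
}
```

Both macros look bounded at the call site, which is why this class of defect tends to survive review; checking that the "sizeof" operand is the destination object itself is the thing to audit.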

Dell SonicWALL has released an IPS signature to detect and block specific exploitation attempts targeting this vulnerability. The signature is listed below:

  • 5082 Samba nmbd unstrcpy Buffer Overflow