FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

samba -- format string bug in afsacl.so VFS plugin

Affected packages
3.0.6,1 <= ja-samba < 3.0.24,1
3.0.6,1 <= samba < 3.0.24,1

Details

VuXML ID 57ae52f7-b9cc-11db-bf0f-0013720b182d
Discovery 2007-02-05
Entry 2007-03-16

The Samba Team reports:

NOTE: This security advisory only impacts Samba servers that share AFS file systems to CIFS clients and which have been explicitly instructed in smb.conf to load the afsacl.so VFS module.

The source defect results in the name of a file stored on disk being used as the format string in a call to snprintf(). This bug becomes exploitable only when a user is able to write to a share which utilizes Samba's afsacl.so library for setting Windows NT access control lists on files residing on an AFS file system.

References

CVE Name CVE-2007-0454
URL http://www.samba.org/samba/security/CVE-2007-0454.html