|CVSS SCORE||10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)|
|TIPPINGPOINT™ IPS CUSTOMER PROTECTION||TippingPoint IPS customers are protected against this vulnerability by Digital Vaccine protection filter ID 12201. For further product information on the TippingPoint IPS: http://www.tippingpoint.com|
The specific flaw exists within the way Samba handles ndr_ValidatePassword requests. When parsing the data send in the request Samba uses the field 'pwd_history' to create a heap allocation but then uses another field, 'pwd_history_len', to write data to the allocation. Because there is no check to see if 'pwd_history_len' is smaller than 'pwd_history' this could result in a heap buffer overflow that could lead to remote code execution.
Samba has issued an update to correct this vulnerability. More details can be found at: