Vigil@nce - Samba: denial of service via NetBIOS
October 2010 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
An attacker can send a malicious NetBIOS packet, in order to stop
Samba.
Severity: 2/4
Creation date: 11/10/2010
DESCRIPTION OF THE VULNERABILITY
The NetBIOS protocol provides 3 services:
– Name Service: registration and resolution of computer names
– Session Service and Datagram Service: exchange of messages
The Session Service uses several types of packets (RFC 1002):
– 0x00: message
– 0x81: request
– etc.
However, if the name associated with a 0x81 request is too long, an
assertion error occurs in Samba.
An attacker can therefore send a malicious NetBIOS packet, in
order to stop Samba.
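
The Session Service framing described above can be validated on captured traffic or in a filtering proxy. The following is an added example, not part of the bulletin and not Samba's code: it parses a 0x81 session request and rejects names that break the RFC 1002 encoding limits. The function names, the sample host names and the use of the 63-byte label and 255-byte name limits as the "too long" threshold are assumptions; the bulletin does not state the length that triggers the assertion.

```python
import struct

SESSION_REQUEST = 0x81   # RFC 1002 session packet type named in the bulletin
MAX_LABEL = 63           # assumed limit: longest single label in an encoded name
MAX_NAME = 255           # assumed limit: longest encoded name, terminator included

def encode_name(name):
    """First-level encoding: pad to 16 bytes, emit each nibble as 'A' + value."""
    raw = name.upper().ljust(16).encode("ascii")
    half = bytes(c for b in raw for c in (0x41 + (b >> 4), 0x41 + (b & 0x0F)))
    return bytes([len(half)]) + half + b"\x00"

def session_request(called, calling):  # frames two encoded names, 17-bit length
    body = called + calling
    return struct.pack(">BBH", SESSION_REQUEST, len(body) >> 16 & 1, len(body) & 0xFFFF) + body

def read_name(buf, off):
    """Walk one encoded name; return the offset just past its terminator."""
    start = off
    while True:
        if off >= len(buf):
            raise ValueError("name runs past end of packet")
        n = buf[off]
        off += 1
        if off - start == 1 and n != 32:
            raise ValueError("first label is not a 32-byte NetBIOS name")
        if n == 0:
            return off
        if n > MAX_LABEL:
            raise ValueError("label longer than 63 bytes")
        off += n
        if off + 1 - start > MAX_NAME:
            raise ValueError("name longer than 255 bytes")

def check_session_request(pkt):
    """Return None for a well-formed session request, else the reason it is rejected."""
    if len(pkt) < 4 or pkt[0] != SESSION_REQUEST:
        return "not a session request"
    _, flags, length = struct.unpack(">BBH", pkt[:4])
    if (length | (flags & 1) << 16) != len(pkt) - 4:
        return "length field does not match payload"
    try:
        end = read_name(pkt, read_name(pkt, 4))   # called name, then calling name
    except ValueError as err:
        return str(err)
    return None if end == len(pkt) else "trailing bytes after calling name"

SAMPLE = session_request(encode_name("FILESRV"), encode_name("CLIENT01"))  # constructed sample
```

A non-None result from check_session_request is the point at which a sensor would log the packet or a proxy would drop it before it reaches the server.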
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Samba-denial-of-service-via-NetBIOS-10013