A security vulnerability in Samba's "ms_fnmatch()" function may allow a remote unprivileged user the ability to create a Denial of Service (DoS) by causing excessive CPU consumption via a Samba request that contains multiple wildcard characters.

This issue is referenced in the following document:

• CAN-2004-0930 at: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0930

This issue can occur in the following releases:

SPARC Platform

• Solaris 9 without patch 114684-05
• Solaris 10 without patch 119757-01

x86 Platform

• Solaris 9 without patch 114685-05
• Solaris 10 without patch 119758-01

Note: Solaris 7 and Solaris 8 do not include the Samba software and are not affected by this issues. Sun does include Samba on the Solaris Companion CD for Solaris 8 as an unsupported package which installs to "/opt/sfw" and is vulnerable to this issue. Sites using the freeware version of Samba from the Solaris Companion CD will need to upgrade to a later version from Samba.org.

The described issue only occurs if both of the following conditions are true:

1. The system is configured as a Samba server.
2. The version of Samba installed is 2.x through 3.0.7

To determine if a system is configured as a Samba server, use the following command to check for the presence of the smb.conf(4) file:

    % ls -l /etc/sfw/smb.conf
    -rw-r--r-- 1 root other 11665 Sep 28 16:37 /etc/sfw/smb.conf

If the output is similar to that shown above, the system is configured as a Samba server.

To determine the version of Samba installed on a system, the following command can be run:

    % /usr/sfw/sbin/smbd -V
    Version 3.0

If the described issue occurs, the Samba server running on an impacted machine will consume more CPU cycles than normal, reducing the quality of service provided by the Samba server. In some circumstances the server may become entirely unresponsive.

The Samba Server Security web page:

    http://www.samba.org/samba/docs/server_security.html

documents several ways to restrict access to Samba servers and further protect Samba servers. Sites may consider applying the advice there even for patched systems.

Until patches are available or can be applied, sites may consider downloading and compiling Samba 3.0.8 or higher from the Samba site at:

    http://www.samba.org

as an interim workaround. Note however that the downloaded Samba software is not supported by Sun.

This issue is addressed in the following releases:

SPARC Platform

• Solaris 9 with patch 114684-05 or later
• Solaris 10 with patch 119757-01 or later

x86 Platform

• Solaris 9 with patch 114685-05 or later
• Solaris 10 with patch 119758-01 or later

Change History

• Added note to Contributing Factors section

• State: Resolved
• Updated Contributing Factors and Resolution sections

This solution has no attachment