Multiple security vulnerabilities in the Samba (samba(7)) software for Solaris may allow a local or remote user to issue unauthorized Samba operations or to execute arbitrary code or commands with elevated privileges. In addition, it may be possible for a remote authenticated user to cause the Samba service to consume excessive amounts of CPU and memory, resulting in a Denial of Service (DoS) to the system.

These issues are described in the following documents:

CVE-2007-2444 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2444 

CVE-2007-2446 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2446

CVE-2007-2447 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2447

CVE-2007-0452 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0452

These issues can occur in the following releases:

SPARC Platform

• Solaris 9 without patch 114684-08
• Solaris 10 without patch 119757-05

x86 Platform

• Solaris 9 without patch 114685-08
• Solaris 10 without patch 119758-05

with the following versions of Samba software:

• Samba 3.0.0 through 3.0.25rc3
• Samba 3.0.23d through 3.0.25pre2
• 3.0.6 through 3.0.23d

Notes:

1. Solaris 8 does not include the Samba software and is therefore not affected by these issues.
2. These issues will only impact a system configured as a Samba server.

To determine if a system is configured as a Samba server, the following command can be run to check for processes related to Samba:

    % ps -ef | grep mbd
    root   317     1   0   May 26 ?           0:01 /usr/sfw/sbin/smbd -D
    root   325   317   0   May 26 ?           0:00 /usr/sfw/sbin/smbd -D
    root   314     1   0   May 26 ?           0:27 /usr/sfw/sbin/nmbd -D
    root 28369 17382   0 23:17:46 pts/2       0:00 grep mbd

If the output shows "smbd" or "nmbd" running as a daemon (with the -D parameter), the system is configured as a Samba server.

To determine the version of Samba installed on a system, the following command can be run:

    % /usr/sfw/sbin/smbd -V
    Version  3.0.4

There are no predictable symptoms that would indicate the described vulnerabilities have been exploited to elevate privileges or execute code or shell commands. If these issues have been exploited to cause a denial of service on the host, one or more Samba related processes will be running and will be consuming an unusually large percentage of CPU time or memory. In addition, the host itself may be generally unresponsive.

To determine the CPU usage of the processes running on the system, a command such as the following can be used, which will sort the running process by CPU consumption (in descending order):

    $ prstat -s cpu
    [...]

Memory usage on a system can be monitored with commands such as vmstat(1M).

Until patches can be applied, sites which are affected may wish to stop the samba(7) service on affected hosts by running the following command:

    # /etc/init.d/samba stop

followed by checking that smbd(8) or nmbd(8) is not running :

    % ps -ef | grep mbd

This issue is addressed in the following releases:

SPARC Platform

• Solaris 9 with patch 114684-08 or later
• Solaris 10 with patch 119757-05 or later

x86 Platform

• Solaris 9 with patch 114685-08 or later
• Solaris 10 with patch 119758-05 or later

• Updated Synopsis, Impact, Contributing Factors, and Symptoms sections

• Updated Contributing Factors and Resolution sections

• Updated Contributing Factors and Resolution sections
• State: Resolved

This solution has no attachment