SMB: Samba smbd Packets Chaining AndX Offset Infinite Loop
This signature detects attempts to exploit a known infinite loop vulnerability in Samba. The vulnerability is due to insufficient validation of AndX request offsets, which should be increasing in a strictly monotonic manner. A remote, unauthenticated attacker could exploit this vulnerability by sending a malicious AndX request to the target. Successful exploitation of this vulnerability could result in the execution of arbitrary code in the context of the affected service.
Extended Description
Heap-based buffer overflow in process.c in smbd in Samba 3.0, as used in the file-sharing service on the BlackBerry PlayBook tablet before 2.0.0.7971 and other products, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a Batched (aka AndX) request that triggers infinite recursion.
Affected Products
Rim blackberry_playbook_tablet
Short Name
SMB:SAMBA:SMBD-ANDX-INFINITE
Severity
Minor
Recommended
False
Recommended Action
Drop
Category
SMB
Keywords
AndX CVE-2012-0870 Chaining Infinite Loop Offset Packets Samba bid:52103 smbd
Release Date
01/09/2013
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3590
False Positive
Unknown
Vendors
Samba
Rim
CVSS Score
7.9