Home Page | Skip to Navigation | Skip to Content | Skip to Search | Skip to Footer

Update Protection against SAMBA SMBI Packets Chaining Memory Corruption

Subscribe

Check Point Reference: CPAI-2010-143
Date Published:
Severity:
Source: Secunia Advisory SA40145
Industry Reference(s): CVE-2010-2063
Protection Provided by: IPS-1
  • IPS-1
  • IPS-1 NGX R65
Who is Vulnerable?
Samba Project Samba 3.0.x - 3.3.12
Vulnerability Description
A vulnerability has been reported in Samba, an open-source implementation of Server Message Block/Common Internet File System (SMB/CIFS). The vulnerability is due to improper validation when chaining SMB1 packets. Remote attackers could exploit this vulnerability by sending a crafted SMB message to a target SMB server.
Update/Patch Available
Samba has released an advisory to address this vulnerability.
Vulnerability Details
A buffer overflow exists in the SMB1 packet chaining implementation in the chain_reply function in Samba. The vulnerability allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted field in a SMB1 packet.

Protection Overview
The protection will detect and block SMB AndX packets with invalid offsets.

 

To configure the defense, select your product from the list below and follow the related protection steps.

IPS-1 & IPS-1 NGX R65

How Can I Protect My Network?
1. In the IPS-1 Policy Manager, click on the Protection tab.
2. In the Protection tree, click Network Security > SMB, and select the AndX Message protection group
3. Click Samba SMB1 Packets Chaining Memory Corruption (IPS-1 NGX R65 only).
4. In the configuration pane, under Settings, check Active.
5. Click on Install Policy.

How Do I Know if My Network is Under Attack?
Upon attack, the following entries will be logged:

 
Alert Name: SMB Andx Command
Description: Samba SMB1 Packets Chaining Memory Corruption