CVE-1999-0811
Description
Samba smbd and smbmount contain buffer overflows allowing local users to execute arbitrary code as root.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
A buffer overflow vulnerability exists in the Samba smbd program, specifically within its messaging system, which can be triggered by a malformed message command. Additionally, the smbfs-2.0.1 smbmount program contains a buffer overflow in its handling of username environment variables. These issues affect Samba versions prior to 2.0.5 [1].
Exploitation
An attacker can exploit the smbd vulnerability by setting the message command in smb.conf and sending a malformed message. The smbmount vulnerability can be exploited by a local user who executes the smbexpl exploit, which leverages a buffer overflow in the handling of USER or LOGNAME environment variables. The exploit requires the smbmount program to be setuid root, which is not the default configuration [1].
Impact
Successful exploitation of these vulnerabilities allows a local attacker to execute arbitrary code with root privileges. This could lead to a full compromise of the affected system [1].
Mitigation
Samba versions prior to 2.0.5 are affected. The immediate workaround for the smbmount vulnerability is to remove the setuid bit from /sbin/smbmount by running chmod -s /sbin/smbmount. No specific patched version or release date is provided in the available references [1].
AI Insight generated on Jun 2, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:a:samba:samba:2.0.4:*:*:*:*:*:*:*
- (no CPE)
Patches
No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
News mentions
No linked articles in our index yet.