Samba Patches Buffer Overflows

KingFish (KingFish)

July 23, 2004 11:14 PM ET in News

The Samba Project has issued a fix for a pair of buffer overflow flaws that could lead to a malicious system compromise.

The flaws, which research firm Secunia has rated “moderately critical,” affect Samba versions 2.x and Samba 3.x. Both issues have been fixed in Samba 3.0.5. In an online advisory, the project said the first vulnerability is caused by a boundary error when decoding base64 data during HTTP basic authentication, which could be exploited to cause a buffer overflow. The second flaw, which could also cause a buffer overflow, was discovered in the code used to handle “mangling method = hash”.

Buffer overflows are the most common cause of malicious hacker break-ins. Attackers typically trigger a buffer overflow by purposely writing data that carries instructions to corrupt a system into a file, knowing that the data will overflow a buffer and cause data corruption.

Source: Internet News
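
The first flaw is described above as a boundary error while decoding base64 data for HTTP basic authentication. The following C example is added here for illustration and is not Samba's code or the 3.0.5 fix; it shows a decoder that checks the destination capacity before every store and rejects oversized input instead of truncating it. The function names `b64_decode_bounded` and `basic_auth_decode` are hypothetical.

```c
#include <stddef.h>
#include <string.h>

/* Map a base64 character to its 6-bit value, or -1 if outside the alphabet. */
static int b64_val(unsigned char c)
{
    static const char tbl[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    const char *p = c ? strchr(tbl, c) : NULL;
    return p ? (int)(p - tbl) : -1;
}

/* Decode base64 into out[0..cap-1], stopping at '=' padding or end of string.
 * Returns the decoded length, or -1 if the input is malformed or the result
 * would not fit. The capacity check precedes every store. */
long b64_decode_bounded(const char *in, unsigned char *out, size_t cap)
{
    size_t n = 0;
    unsigned int acc = 0;
    int bits = 0;
    for (; *in && *in != '='; in++) {
        int v = b64_val((unsigned char)*in);
        if (v < 0)
            return -1;
        acc = (acc << 6) | (unsigned int)v;
        bits += 6;
        if (bits >= 8) {
            bits -= 8;
            if (n >= cap)
                return -1;   /* reject instead of writing past the buffer */
            out[n++] = (unsigned char)(acc >> bits);
            acc &= (1u << bits) - 1;
        }
    }
    return (long)n;
}

/* Hypothetical helper: decode the value of an Authorization header
 * ("Basic <base64>") into dst as a NUL-terminated string. */
int basic_auth_decode(const char *value, char *dst, size_t dst_size)
{
    if (dst_size == 0 || strncmp(value, "Basic ", 6) != 0)
        return -1;
    /* Reserve one byte of dst for the terminator. */
    long n = b64_decode_bounded(value + 6, (unsigned char *)dst, dst_size - 1);
    if (n < 0)
        return -1;
    dst[n] = '\0';
    return 0;
}
```

The destination size, not the length of the attacker-supplied header, bounds every write; a caller that sizes its buffer too small gets an error rather than memory corruption.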
