Samba lsa_io_trans_names buffer overflow

Added: 12/24/2007
CVE: CVE-2007-2446
BID: 24195
OSVDB: 34699


Samba is a software package which implements the SMB protocol on a variety of platforms, providing compatibility with Windows systems.


A vulnerability in the LSA RPC interface allows a remote attacker to execute arbitrary commands by sending a specially crafted LsarLookupSids/LsarLookupSids2 request, which causes a buffer overflow in the lsa_io_trans_names function.


Upgrade to Samba 3.0.25 or higher, apply the patch for Samba 3.0.24, or apply the patch for Solaris.



Exploit works on Samba 3.0.24 on Sun SPARC Solaris 9 and Samba 3.0.22 on SuSE Linux Enterprise Server 10.

Since the exploit uses a brute force method, extra time may be required before the exploit succeeds.

The Crypt::DES, Digest::MD4, and Digest::MD5 packages are required for this exploit. These packages are available from


SunOS / Solaris

Back to exploit index