Urgent Samba Fix: CVE-2010-3069

These days when I think of samba overflows I get images of bahais feijoada completa dancing in my head. Fortunately a security alert from the Samba team has brought me back to reality. No Caipirinha today.

Two functions of Samba version 3 can be exploited remotely even without authentication due to a buffer overflow error. It was found during an internal code review and a fix has already been released.

The sid_parse() function and the related dom_sid_parse() function in the source4 code do not correctly check their input lengths when reading a binary representation of a Windows SID (Security ID).

A SID is the variable length binary value used by Microsoft to uniquely identify a user or group in Windows. It was introduced to manage user permissions independently of human-readable characters such as a username. Changing a username mapped to a SID therefore does not impact the system as much as remapping all the permissions to a username.
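As an added illustration (not Samba's code and not part of the original advisory), here is a bounds-checked parser for the binary SID format. It assumes the standard Windows layout of a 1-byte revision, a 1-byte sub-authority count, a 6-byte identifier authority, then up to 15 little-endian 32-bit sub-authorities. The names `example_sid` and `example_sid_parse` are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SID_MAX_SUB_AUTHS 15  /* Windows limit on sub-authorities per SID */
#define SID_HEADER_LEN    8   /* revision + count + 6-byte authority */

/* Hypothetical struct for this example; the fixed array is what an
 * unchecked count would overrun. */
struct example_sid {
    uint8_t  revision;
    uint8_t  num_auths;
    uint8_t  id_auth[6];
    uint32_t sub_auths[SID_MAX_SUB_AUTHS];
};

/* Parse a binary SID from buf[0..len). Returns false on malformed input. */
bool example_sid_parse(const uint8_t *buf, size_t len, struct example_sid *sid)
{
    if (buf == NULL || sid == NULL || len < SID_HEADER_LEN)
        return false;

    memset(sid, 0, sizeof(*sid));
    sid->revision  = buf[0];
    sid->num_auths = buf[1];

    /* Check 1: the sender-controlled count must fit the fixed array. */
    if (sid->num_auths > SID_MAX_SUB_AUTHS)
        return false;
    /* Check 2: the input must really contain that many 32-bit values. */
    if (len < SID_HEADER_LEN + (size_t)sid->num_auths * 4)
        return false;

    memcpy(sid->id_auth, buf + 2, 6);
    for (size_t i = 0; i < sid->num_auths; i++) {
        const uint8_t *p = buf + SID_HEADER_LEN + i * 4;
        /* Sub-authorities are little-endian on the wire. */
        sid->sub_auths[i] = (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
                            ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
    }
    return true;
}

/* Constructed sample: S-1-5-32-544 (BUILTIN\Administrators). */
static const uint8_t sample_sid[] = {
    0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05,
    0x20, 0x00, 0x00, 0x00, 0x20, 0x02, 0x00, 0x00
};
```

Both checks are needed: the first protects the destination array from an oversized count, the second protects against reading past the end of a truncated input.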

Patch, upgrade to Samba 3.5.5 or deploy countermeasures (e.g. strict segmentation and ingress/egress filtering) immediately.
