svn commit: samba-web r432 - in trunk/news/releases: .
deryck at samba.org
Fri Nov 19 15:23:26 GMT 2004
Author: deryck
Date: 2004-11-19 15:23:26 +0000 (Fri, 19 Nov 2004)
New Revision: 432
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba-web&rev=432
Log:
Add news about Monday's security announcement.
--deryck
Added:
trunk/news/releases/can-2004-0882.html
Changeset:
Added: trunk/news/releases/can-2004-0882.html
===================================================================
--- trunk/news/releases/can-2004-0882.html 2004-11-19 15:18:06 UTC (rev 431)
+++ trunk/news/releases/can-2004-0882.html 2004-11-19 15:23:26 UTC (rev 432)
@@ -0,0 +1,59 @@
+ <h3><a name="can-2004-0882">CAN-2004-0882: Possible Buffer Overrun in smbd</a></h3>
+
+ <div class="article">
+ <p>The following security announcement was released publicly on the samba and samba-technical mailing lists on Monday, 15 November 2004.</p>
+ <pre>
+Subject: Possible Buffer Overrun in smbd
+CVE #: CAN-2004-0882
+Affected
+Versions: Samba 3.0.x <= 3.0.7
+
+Summary: A possible buffer overrun in smbd could
+ lead to code execution by a remote user
+
+
+Patch Availability
+------------------
+
+A patch for Samba 3.0.7 (samba-3.0.7-CAN-2004-0882.patch) is
+available from http://www.samba.org/samba/ftp/patches/security/.
+The patch has been signed with the "Samba Distribution Verification
+Key" (ID F17F9772).
+
+
+Description
+-----------
+
+Invalid bounds checking in reply to certain trans2 requests
+could result in a buffer overrun in smbd. In order to exploit
+this defect, the attacker must be able to create files with very
+specific Unicode filenames on the Samba share.
+
+
+Protecting Unpatched Servers
+----------------------------
+
+The Samba Team always encourages users to run the latest stable
+release as a defense of against attacks. However, under certain
+circumstances it may not be possible to immediately upgrade
+important installations. In such cases, administrators should
+read the "Server Security" documentation found at
+http://www.samba.org/samba/docs/server_security.html.
+
+
+Credits
+--------
+
+This security issue was reported to Samba developers by Stefan
+Esser from e-matters Security (http://security.e-matters.de/).
+
+
+
+-- Our Code, Our Bugs, Our Responsibility.
+
+ -- The Samba Team
+ </pre>
+
+ </div>
+
+
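Review bot: the "Versions: Samba 3.0.x <= 3.0.7" line inside the <pre> block carries an unescaped "<", which is invalid in HTML even within <pre>; write it as "&lt;=" so validators and strict parsers do not read it as the start of a tag. In the "Protecting Unpatched Servers" paragraph, "as a defense of against attacks" has a stray "of"; if the text is meant to mirror the mailing-list announcement verbatim it can stay, otherwise drop the word. The announcement also names the patch file and the signing key (ID F17F9772) but gives only the directory URL, so a direct link to the patch and its signature would save readers a step when verifying it.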