svn commit: samba-web r432 - in trunk/news/releases: .

deryck at samba.org deryck at samba.org
Fri Nov 19 15:23:26 GMT 2004


Author: deryck
Date: 2004-11-19 15:23:26 +0000 (Fri, 19 Nov 2004)
New Revision: 432

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba-web&rev=432

Log:

Add news about Monday's security announcement.

--deryck

Added:
   trunk/news/releases/can-2004-0882.html


Changeset:
Added: trunk/news/releases/can-2004-0882.html
===================================================================
--- trunk/news/releases/can-2004-0882.html	2004-11-19 15:18:06 UTC (rev 431)
+++ trunk/news/releases/can-2004-0882.html	2004-11-19 15:23:26 UTC (rev 432)
@@ -0,0 +1,59 @@
+    <h3><a name="can-2004-0882">CAN-2004-0882: Possible Buffer Overrun in smbd</a></h3> 
+        
+    <div class="article">
+    <p>The following security announcement was released publicly on the samba and samba-technical mailing lists on Monday, 15 November 2004.</p>
+    <pre>
+Subject:    Possible Buffer Overrun in smbd
+CVE #:      CAN-2004-0882
+Affected
+Versions:   Samba 3.0.x &lt;= 3.0.7
+
+Summary:    A possible buffer overrun in smbd could
+        lead to code execution by a remote user
+
+
+Patch Availability
+------------------
+
+A patch for Samba 3.0.7 (samba-3.0.7-CAN-2004-0882.patch) is
+available from http://www.samba.org/samba/ftp/patches/security/.
+The patch has been signed with the "Samba Distribution Verification
+Key"  (ID F17F9772).
+
+
+Description
+-----------
+
+Invalid bounds checking in reply to certain trans2 requests
+could result in a buffer overrun in smbd.  In order to exploit
+this defect, the attacker must be able to create files with very
+specific Unicode filenames on the Samba share.
+
+
+Protecting Unpatched Servers
+----------------------------
+
+The Samba Team always encourages users to run the latest stable
+release as a defense of against attacks.  However, under certain
+circumstances it may not be possible to immediately upgrade
+important installations.  In such cases, administrators should
+read the "Server Security" documentation found at
+http://www.samba.org/samba/docs/server_security.html.
+
+
+Credits
+--------
+
+This security issue was reported to Samba developers by Stefan
+Esser from e-matters Security (http://security.e-matters.de/).
+
+
+
+-- Our Code, Our Bugs, Our Responsibility.
+
+            -- The Samba Team
+    </pre>
+
+    </div>
+        
+       
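Review bot: In the "Patch Availability" paragraph the signing key is identified only by its 8-hex-digit short ID (F17F9772), and short key IDs are not unique, so a reader cannot reliably pick the right key from that alone. Consider giving the full key fingerprint or linking to where the Samba Distribution Verification Key is published. The patch directory URL and the server_security.html URL are also plain text inside the <pre> block, so neither is clickable on the rendered page. Linking them outside the <pre>, for example in the introductory <p>, would help. Under "Protecting Unpatched Servers", "as a defense of against attacks" has a stray "of". Since the intro says this is the announcement as released, decide whether to keep it verbatim or correct it for the web copy. Minor: the <h3> line and the last two added lines carry trailing whitespace.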


