svn commit: samba-web r328 - in trunk: history news/releases

Mon Sep 13 14:09:47 GMT 2004

Author: deryck
Date: 2004-09-13 14:09:46 +0000 (Mon, 13 Sep 2004)
New Revision: 328

WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=samba-web&path=/trunk&rev=328&nolog=1

Log:

Add news item and announcement for 3.0 DoS security patch.


Added:
   trunk/history/3.0_DOS_sept04_announce.txt
   trunk/news/releases/3.0_DOS_sept04.html


Changeset:
Added: trunk/history/3.0_DOS_sept04_announce.txt
===================================================================

--- trunk/history/3.0_DOS_sept04_announce.txt	2004-09-13 13:49:56 UTC (rev 327)
+++ trunk/history/3.0_DOS_sept04_announce.txt	2004-09-13 14:09:46 UTC (rev 328)
@@ -0,0 +1,63 @@
+Subject:	Samba 3.0.x Denial of Service Flaw
+
+Summary:	(i) A DoS bug in smbd may allow an
+		unauthenticated user to cause smbd to
+		spawn new processes each one entering
+		an infinite loop.  After sending a sufficient
+		amount of packets it is possible to exhaust
+		the memory resources on the server.
+
+		(ii) A DoS bug in nmbd may allow an attacker
+		to remotely crash the nmbd daemon.
+
+Affected
+Versions:	Defect (i) affects Samba 3.0.x prior to and
+		including v3.0.6.
+
+		Defect (ii) affects Samba 3.0.x prior to
+		and including v3.0.6.
+
+Patch
+Availability:	The patch file for Samba 3.0.5 addressing both
+		bugs (samba-3.0.5-DoS.patch) can be downloaded
+		from
+		http://download.samba.org/samba/ftp/patches/security/
+
+
+Description
+-----------
+
+CAN-2004-0807: A defect in smbd's ASN.1 parsing allows an
+attacker to send a specially crafted packet during the
+authentication request which will send the newly spawned
+smbd process into an infinite loop.  Given enough of these
+packets, it is possible to exhaust the available memory
+on the server.
+
+CAN-2004-0808: A defect in nmbd's process of mailslot packets
+can allow an attacker to anonymously crash nmbd.
+
+
+Protecting Unpatched Servers
+----------------------------
+
+The Samba Team always encourages users to run the latest stable
+release as a defense of against attacks.  However, under certain
+circumstances it may not be possible to immediately upgrade
+important installations.  In such cases, administrators should
+read the "Server Security" documentation found at
+http://www.samba.org/samba/docs/server_security.html.
+
+
+Credits
+--------
+
+Both security issues were reported to Samba developers by
+iDEFENSE (http://www.idefense.com/).  The defect discovery
+was anonymously reported to iDEFENSE via their Vulnerability
+Contributor Program (http://www.idefense.com/poi/teams/vcp.jsp).
+
+
+-- Our Code, Our Bugs, Our Responsibility.
+			
+				-- The Samba Team 

Added: trunk/news/releases/3.0_DOS_sept04.html
===================================================================
--- trunk/news/releases/3.0_DOS_sept04.html	2004-09-13 13:49:56 UTC (rev 327)
+++ trunk/news/releases/3.0_DOS_sept04.html	2004-09-13 14:09:46 UTC (rev 328)
@@ -0,0 +1,20 @@
+    <h3><a name="3.0_DOS_sept04">Samba 3.0 DoS Vulnerabilities</a></h3> 
+        
+    <div class="article">
+    <p>The following Denial of Service Flaw was reported in Samba 3.0 versions prior to and including v3.0.6:</p>
+
+    <ul>
+    <li>(i) A DoS bug in smbd may allow an
+	unauthenticated user to cause smbd to
+	spawn new processes each one entering
+	an infinite loop.  After sending a sufficient
+	amount of packets it is possible to exhaust
+	the memory resources on the server.</li>
+    <li>(ii) A DoS bug in nmbd may allow an attacker
+	to remotely crash the nmbd daemon.</li>
+    </ul>
+
+    <p>For full details please see the <a href="/samba/history/3.0_DOS_sept04_announce.txt">security patch announcement</a>.  The patch file for Samba 3.0.5 addressing both bugs (samba-3.0.5-DoS.patch) can be downloaded <a href=http://download.samba.org/samba/ftp/patches/security/">here</a>.</p>
+    </div>
+        
+       


Property changes on: trunk/news/releases/3.0_DOS_sept04.html
___________________________________________________________________
Name: svn:executable
   + *

