svn commit: samba-web r1009 - in trunk: history security

jerry at samba.org jerry at samba.org
Mon Jul 10 20:28:52 GMT 2006


Author: jerry
Date: 2006-07-10 20:28:52 +0000 (Mon, 10 Jul 2006)
New Revision: 1009

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba-web&rev=1009

Log:
patch announcement
Added:
   trunk/security/CAN-2006-3403.html
Modified:
   trunk/history/security.html


Changeset:
Modified: trunk/history/security.html
===================================================================
--- trunk/history/security.html	2006-07-10 20:24:45 UTC (rev 1008)
+++ trunk/history/security.html	2006-07-10 20:28:52 UTC (rev 1009)
@@ -22,6 +22,16 @@
       </tr>
       
     <tr>
+        <td>10 July 2006</td>
+        <td><a href="/samba/ftp/patches/security/samba-3.0-CAN-2006-3403.patch">patch for Samba 3.0.1 - 3.0.22</a></td>
+        <td>Memory exhaustion DoS against smbd</td>
+        <td>Samba 3.0.1 - 3.0.22</td>
+        <td><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2006-3403">CAN-2006-3403</a></td>
+        <td><a href="/samba/security/CAN-2006-3403.html">Announcement</a></td>
+    </tr>
+
+    <tr>
+    <tr>
         <td>30 March 2006</td>
         <td><a href="/samba/ftp/patches/security/samba-3.0.21-CAN-2006-1059.patch">patch for Samba 3.0.21[a-c]</a></td>
         <td>Exposure of machine account credentials in winbind log files</td>
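Review bot: the added block ends with two consecutive `<tr>` openers (`+    <tr>` twice) ahead of the existing 30 March 2006 cells, so that row now starts with a `<tr>` nested inside an unclosed `<tr>`. The context `<tr>` above the insertion already opens the new 10 July row, so only one `<tr>` is needed after the new `</tr>`. Drop the second one to keep the security history table well-formed.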

Added: trunk/security/CAN-2006-3403.html
===================================================================
--- trunk/security/CAN-2006-3403.html	2006-07-10 20:24:45 UTC (rev 1008)
+++ trunk/security/CAN-2006-3403.html	2006-07-10 20:28:52 UTC (rev 1009)
@@ -0,0 +1,67 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+
+<head>
+<title>Samba - Security Announcement Archive</title>
+</head>
+
+<body>
+
+   <H2>CAN-2006-3403: Memory exhaustion DoS against smbd</H2>
+
+<p>
+<pre>
+==========================================================
+==
+== Subject:     Memory exhaustion DoS against smbd
+== CVE ID#:     CAN-2006-1059
+==
+== Versions:    Samba Samba 3.0.1 - 3.0.22 (inclusive)
+==
+== Summary:     smbd may allow internal structures 
+==              maintaining state for share connections
+==              to grow unbounded.
+==
+==========================================================
+
+
+===========
+Description
+===========
+
+The smbd daemon maintains internal data structures used track
+active connections to file and printer shares.  In certain
+circumstances an attacker may be able to continually increase
+the memory usage of an smbd process by issuing a large number
+of share connection requests.  This defect affects all Samba 
+configurations.
+
+
+==================
+Patch Availability
+==================
+
+A patch for Samba 3.0.1 - 3.0.22 has been posted at
+http://www.samba.org/samba/security/.  
+
+Guidelines for securing Samba hosts are listed at
+http://www.samba.org/docs/server_security.html
+
+
+=======
+Credits
+=======
+
+This security issue discovered during an internal security
+audit of the Samba source code by the Samba Team.
+
+
+==========================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+==========================================================
+</pre>
+
+</body>
+</html>
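Review bot: the `== CVE ID#:` line in the advisory body reads CAN-2006-1059, which is the identifier of the 30 March 2006 winbind entry in security.html, while the file name, the `<H2>` heading and the new history row all use CAN-2006-3403. It should read CAN-2006-3403 before this is published, so that anyone matching the advisory against a tracker or scanner by CVE ID finds the right issue. Smaller points in the same file: the `<p>` before `<pre>` is never closed and the `<H2>` tags are upper-case, both invalid under the declared XHTML 1.0 Transitional doctype; "Samba Samba 3.0.1" repeats a word, "used track" is missing "to", and "This security issue discovered" is missing "was".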


Property changes on: trunk/security/CAN-2006-3403.html
___________________________________________________________________
Name: svn:executable
   + *
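Review bot: `svn:executable` is being set on CAN-2006-3403.html, a static page that has no reason to carry the execute bit. Suggest removing the property (`svn propdel svn:executable`) so the file is checked out with ordinary document permissions.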


