svn commit: samba-web r1009 - in trunk: history security
jerry at samba.org
Mon Jul 10 20:28:52 GMT 2006
Author: jerry
Date: 2006-07-10 20:28:52 +0000 (Mon, 10 Jul 2006)
New Revision: 1009
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba-web&rev=1009
Log:
patch announcement
Added:
trunk/security/CAN-2006-3403.html
Modified:
trunk/history/security.html
Changeset:
Modified: trunk/history/security.html
===================================================================
--- trunk/history/security.html 2006-07-10 20:24:45 UTC (rev 1008)
+++ trunk/history/security.html 2006-07-10 20:28:52 UTC (rev 1009)
@@ -22,6 +22,16 @@
</tr>
<tr>
+ <td>10 July 2006</td>
+ <td><a href="/samba/ftp/patches/security/samba-3.0-CAN-2006-3403.patch">patch for Samba 3.0.1 - 3.0.22</a></td>
+ <td>Memory exhaustion DoS against smbd</td>
+ <td>Samba 3.0.1 - 3.0.22</td>
+ <td><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2006-3403">CAN-2006-3403</a></td>
+ <td><a href="/samba/security/CAN-2006-3403.html">Announcement</a></td>
+ </tr>
+
+ <tr>
+ <tr>
<td>30 March 2006</td>
<td><a href="/samba/ftp/patches/security/samba-3.0.21-CAN-2006-1059.patch">patch for Samba 3.0.21[a-c]</a></td>
<td>Exposure of machine account credentials in winbind log files</td>
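Review bot: the added `<tr>` at the end of the new row sits directly before the existing context `<tr>`, so the 30 March 2006 row now opens with two `<tr>` tags and the table carries an unclosed row. Drop the added `<tr>` and the blank line before it: the context `<tr>` that precedes `<td>10 July 2006</td>` already opens the new row and the added `</tr>` closes it, so no further opening tag is needed.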
Added: trunk/security/CAN-2006-3403.html
===================================================================
--- trunk/security/CAN-2006-3403.html 2006-07-10 20:24:45 UTC (rev 1008)
+++ trunk/security/CAN-2006-3403.html 2006-07-10 20:28:52 UTC (rev 1009)
@@ -0,0 +1,67 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+
+<head>
+<title>Samba - Security Announcement Archive</title>
+</head>
+
+<body>
+
+ <H2>CAN-2006-3403: Memory exhaustion DoS against smbd</H2>
+
+<p>
+<pre>
+==========================================================
+==
+== Subject: Memory exhaustion DoS against smbd
+== CVE ID#: CAN-2006-1059
+==
+== Versions: Samba Samba 3.0.1 - 3.0.22 (inclusive)
+==
+== Summary: smbd may allow internal structures
+== maintaining state for share connections
+== to grow unbounded.
+==
+==========================================================
+
+
+===========
+Description
+===========
+
+The smbd daemon maintains internal data structures used track
+active connections to file and printer shares. In certain
+circumstances an attacker may be able to continually increase
+the memory usage of an smbd process by issuing a large number
+of share connection requests. This defect affects all Samba
+configurations.
+
+
+==================
+Patch Availability
+==================
+
+A patch for Samba 3.0.1 - 3.0.22 has been posted at
+http://www.samba.org/samba/security/.
+
+Guidelines for securing Samba hosts are listed at
+http://www.samba.org/docs/server_security.html
+
+
+=======
+Credits
+=======
+
+This security issue discovered during an internal security
+audit of the Samba source code by the Samba Team.
+
+
+==========================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+==========================================================
+</pre>
+
+</body>
+</html>
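Review bot: the `== CVE ID#:` line in the announcement header reads CAN-2006-1059, while the `<H2>`, the file name and the new row in history/security.html all use CAN-2006-3403. CAN-2006-1059 is the identifier on the 30 March 2006 winbind entry, so this looks carried over from that announcement; change it to CAN-2006-3403 so anyone tracking the advisory by ID finds the right one. Smaller text fixes in the same block: "Samba Samba 3.0.1" repeats the product name, "used track" is missing "to", and "This security issue discovered" is missing "was". The `<p>` opened before `<pre>` is never closed, and `<pre>` is not valid inside `<p>` under the XHTML 1.0 Transitional doctype declared at the top, so remove the `<p>`.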
Property changes on: trunk/security/CAN-2006-3403.html
___________________________________________________________________
Name: svn:executable
+ *
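Review bot: `svn:executable` is set on CAN-2006-3403.html, which is a static HTML page and has no need for the executable bit. Remove the property (`svn propdel svn:executable`) so the file is not checked out as executable in the web tree.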