svn commit: samba-web r1154 - in trunk/security: .

jerry at samba.org jerry at samba.org
Fri Nov 16 14:21:54 GMT 2007


Author: jerry
Date: 2007-11-16 14:21:54 +0000 (Fri, 16 Nov 2007)
New Revision: 1154

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba-web&rev=1154

Log:
Swap CVE-2007-{4572,5398}
Modified:
   trunk/security/CVE-2007-4572.html
   trunk/security/CVE-2007-5398.html


Changeset:
Modified: trunk/security/CVE-2007-4572.html
===================================================================
--- trunk/security/CVE-2007-4572.html	2007-11-15 23:33:50 UTC (rev 1153)
+++ trunk/security/CVE-2007-4572.html	2007-11-16 14:21:54 UTC (rev 1154)
@@ -8,25 +8,25 @@
 
 <body>
 
-   <H2>CVE-2007-5398 - Remote Code Execution in Samba's nmbd</H2>
+   <H2>CVE-2007-4572 - GETDC mailslot processing buffer overrun in nmbd</H2>
 
+
 <p>
 <pre>
 ==========================================================
 ==
-== Subject:     Remote code execution in Samba's WINS
-==              server daemon (nmbd) when processing name
-==              registration followed name query requests.
+== Subject:     Stack buffer overflow in nmbd's logon
+==              request processing.
 ==
-== CVE ID#:     CVE-2007-5398
+== CVE ID#:     CVE-2007-4572
 ==
 == Versions:    Samba 3.0.0 - 3.0.26a (inclusive)
 ==
-== Summary:     When nmbd has been configured as a WINS
-==              server, a client can send a series of name
-==              registration request followed by a specific
-==              name query request packet and execute
-==              arbitrary code.
+== Summary:     Processing of specially crafted GETDC
+==              mailslot requests can result in a buffer
+==              overrun in nmbd.  It is not believed that
+==              that this issues can be exploited to
+==              result in remote code execution.
 ==
 ==========================================================
 
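Review bot: In the added Summary, "It is not believed that / that this issues can be exploited" has a doubled "that" and a singular/plural mismatch; suggest "It is not believed that this issue can be exploited to result in remote code execution." The new Subject also says "Stack buffer overflow" while the H2 and Summary say "buffer overrun", so pick one term for the advisory. The extra blank line added after the H2 looks unintentional.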
@@ -34,10 +34,11 @@
 Description
 ===========
 
-Secunia Research reported a vulnerability that allows for
-the execution of arbitrary code in nmbd.  This defect may
-only be exploited when the &quot;wins support&quot; parameter has
-been enabled in smb.conf.
+Samba developers have discovered what is believed to be
+a non-exploitable buffer over in nmbd during the processing
+of GETDC logon server requests.  This code is only used
+when the Samba server is configured as a Primary or Backup
+Domain Controller.
 
 
 ==================
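Review bot: The added Description line "a non-exploitable buffer over in nmbd during the processing" drops a word; it should read "buffer overrun" to match the H2 and Summary of the same file.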
@@ -56,24 +57,26 @@
 Workaround
 ==========
 
-Samba administrators may avoid this security issue by
-disabling the &quot;wins support&quot; feature in the hosts smb.conf
-file.
+Samba administrators may avoid this security issue by disabling
+both the &quot;domain logons&quot; and the &quot;domain master&quot; options in in
+the server's smb.conf file.  Note that this will disable all
+domain controller features as well.
 
 
 =======
 Credits
 =======
 
-This vulnerability was reported to Samba developers by
-Alin Rad Pop, Secunia Research.
+This vulnerability was discovered by Samba developers during
+an internal code audit.
 
 The time line is as follows:
 
-* Oct 30, 2007: Initial report to security at samba.org.
-* Oct 30, 2007: First response from Samba developers confirming
-  the bug along with a proposed patch.
-* Nov 15, 2007: Public security advisory to be made available.
+* Sep 13, 2007: Initial report to security at samba.org including
+  proposed patch.
+* Sep 14, 2007: Patch review by members of the Josh Bressers
+  (RedHat Security Team) and Simo Sorce (Samba/RedHat developer)
+* Nov 15, 2007: Public security advisory made available.
 
 
 ==========================================================
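Review bot: The added Workaround text has a doubled word in "options in in"; drop one "in". In the time line, "Patch review by members of the Josh Bressers (RedHat Security Team) and Simo Sorce" does not parse; "Patch review by Josh Bressers (RedHat Security Team) and Simo Sorce (Samba/RedHat developer)." is probably what was meant.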

Modified: trunk/security/CVE-2007-5398.html
===================================================================
--- trunk/security/CVE-2007-5398.html	2007-11-15 23:33:50 UTC (rev 1153)
+++ trunk/security/CVE-2007-5398.html	2007-11-16 14:21:54 UTC (rev 1154)
@@ -8,25 +8,25 @@
 
 <body>
 
-   <H2>CVE-2007-4572 - GETDC mailslot processing buffer overrun in nmbd</H2>
+   <H2>CVE-2007-5398 - Remote Code Execution in Samba's nmbd</H2>
 
-
 <p>
 <pre>
 ==========================================================
 ==
-== Subject:     Stack buffer overflow in nmbd's logon
-==              request processing.
+== Subject:     Remote code execution in Samba's WINS
+==              server daemon (nmbd) when processing name
+==              registration followed name query requests.
 ==
-== CVE ID#:     CVE-2007-4572
+== CVE ID#:     CVE-2007-5398
 ==
 == Versions:    Samba 3.0.0 - 3.0.26a (inclusive)
 ==
-== Summary:     Processing of specially crafted GETDC
-==              mailslot requests can result in a buffer
-==              overrun in nmbd.  It is not believed that
-==              that this issues can be exploited to
-==              result in remote code execution.
+== Summary:     When nmbd has been configured as a WINS
+==              server, a client can send a series of name
+==              registration request followed by a specific
+==              name query request packet and execute
+==              arbitrary code.
 ==
 ==========================================================
 
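Review bot: The added Subject line "registration followed name query requests." is missing "by" after "followed", and the Summary's "a series of name registration request" should use the plural "requests". Both are worth fixing while the text is being moved into the right file.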
@@ -34,11 +34,10 @@
 Description
 ===========
 
-Samba developers have discovered what is believed to be
-a non-exploitable buffer over in nmbd during the processing
-of GETDC logon server requests.  This code is only used
-when the Samba server is configured as a Primary or Backup
-Domain Controller.
+Secunia Research reported a vulnerability that allows for
+the execution of arbitrary code in nmbd.  This defect may
+only be exploited when the &quot;wins support&quot; parameter has
+been enabled in smb.conf.
 
 
 ==================
@@ -57,26 +56,24 @@
 Workaround
 ==========
 
-Samba administrators may avoid this security issue by disabling
-both the &quot;domain logons&quot; and the &quot;domain master&quot; options in in
-the server's smb.conf file.  Note that this will disable all
-domain controller features as well.
+Samba administrators may avoid this security issue by
+disabling the &quot;wins support&quot; feature in the hosts smb.conf
+file.
 
 
 =======
 Credits
 =======
 
-This vulnerability was discovered by Samba developers during
-an internal code audit.
+This vulnerability was reported to Samba developers by
+Alin Rad Pop, Secunia Research.
 
 The time line is as follows:
 
-* Sep 13, 2007: Initial report to security at samba.org including
-  proposed patch.
-* Sep 14, 2007: Patch review by members of the Josh Bressers
-  (RedHat Security Team) and Simo Sorce (Samba/RedHat developer)
-* Nov 15, 2007: Public security advisory made available.
+* Oct 30, 2007: Initial report to security at samba.org.
+* Oct 30, 2007: First response from Samba developers confirming
+  the bug along with a proposed patch.
+* Nov 15, 2007: Public security advisory to be made available.
 
 
 ==========================================================
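Review bot: The last added time line entry reads "Public security advisory to be made available" for Nov 15, 2007, but this revision is dated Nov 16 and CVE-2007-4572.html in the same commit already says "made available"; use the past tense here as well. In the Workaround, "the hosts smb.conf" wants an apostrophe ("host's").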


