svn commit: samba-web r1154 - in trunk/security: .
jerry at samba.org
Fri Nov 16 14:21:54 GMT 2007
Author: jerry
Date: 2007-11-16 14:21:54 +0000 (Fri, 16 Nov 2007)
New Revision: 1154
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba-web&rev=1154
Log:
Swap CVE-2007-{4572,5398}
Modified:
trunk/security/CVE-2007-4572.html
trunk/security/CVE-2007-5398.html
Changeset:
Modified: trunk/security/CVE-2007-4572.html
===================================================================
--- trunk/security/CVE-2007-4572.html 2007-11-15 23:33:50 UTC (rev 1153)
+++ trunk/security/CVE-2007-4572.html 2007-11-16 14:21:54 UTC (rev 1154)
@@ -8,25 +8,25 @@
<body>
- <H2>CVE-2007-5398 - Remote Code Execution in Samba's nmbd</H2>
+ <H2>CVE-2007-4572 - GETDC mailslot processing buffer overrun in nmbd</H2>
+
<p>
<pre>
==========================================================
==
-== Subject: Remote code execution in Samba's WINS
-== server daemon (nmbd) when processing name
-== registration followed name query requests.
+== Subject: Stack buffer overflow in nmbd's logon
+== request processing.
==
-== CVE ID#: CVE-2007-5398
+== CVE ID#: CVE-2007-4572
==
== Versions: Samba 3.0.0 - 3.0.26a (inclusive)
==
-== Summary: When nmbd has been configured as a WINS
-== server, a client can send a series of name
-== registration request followed by a specific
-== name query request packet and execute
-== arbitrary code.
+== Summary: Processing of specially crafted GETDC
+== mailslot requests can result in a buffer
+== overrun in nmbd. It is not believed that
+== that this issues can be exploited to
+== result in remote code execution.
==
==========================================================
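Review bot: the added Summary has a doubled word and a number disagreement at "It is not believed that / that this issues can be exploited"; it should read "It is not believed that this issue can be exploited". The added Subject also says "Stack buffer overflow" while the H2 title and Summary say "buffer overrun"; using one term throughout the advisory would make it easier to search and cross-reference.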
@@ -34,10 +34,11 @@
Description
===========
-Secunia Research reported a vulnerability that allows for
-the execution of arbitrary code in nmbd. This defect may
-only be exploited when the "wins support" parameter has
-been enabled in smb.conf.
+Samba developers have discovered what is believed to be
+a non-exploitable buffer over in nmbd during the processing
+of GETDC logon server requests. This code is only used
+when the Samba server is configured as a Primary or Backup
+Domain Controller.
==================
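Review bot: "a non-exploitable buffer over in nmbd" in the added Description is missing a word; "buffer overrun" would match the H2 title and Summary of this same advisory.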
@@ -56,24 +57,26 @@
Workaround
==========
-Samba administrators may avoid this security issue by
-disabling the "wins support" feature in the hosts smb.conf
-file.
+Samba administrators may avoid this security issue by disabling
+both the "domain logons" and the "domain master" options in in
+the server's smb.conf file. Note that this will disable all
+domain controller features as well.
=======
Credits
=======
-This vulnerability was reported to Samba developers by
-Alin Rad Pop, Secunia Research.
+This vulnerability was discovered by Samba developers during
+an internal code audit.
The time line is as follows:
-* Oct 30, 2007: Initial report to security at samba.org.
-* Oct 30, 2007: First response from Samba developers confirming
- the bug along with a proposed patch.
-* Nov 15, 2007: Public security advisory to be made available.
+* Sep 13, 2007: Initial report to security at samba.org including
+ proposed patch.
+* Sep 14, 2007: Patch review by members of the Josh Bressers
+ (RedHat Security Team) and Simo Sorce (Samba/RedHat developer)
+* Nov 15, 2007: Public security advisory made available.
==========================================================
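Review bot: the added timeline entry "Patch review by members of the Josh Bressers (RedHat Security Team) and Simo Sorce" does not parse; dropping "members of the" would leave the two named reviewers and their affiliations intact. The added Workaround text also ends its second line with a doubled "in in".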
Modified: trunk/security/CVE-2007-5398.html
===================================================================
--- trunk/security/CVE-2007-5398.html 2007-11-15 23:33:50 UTC (rev 1153)
+++ trunk/security/CVE-2007-5398.html 2007-11-16 14:21:54 UTC (rev 1154)
@@ -8,25 +8,25 @@
<body>
- <H2>CVE-2007-4572 - GETDC mailslot processing buffer overrun in nmbd</H2>
+ <H2>CVE-2007-5398 - Remote Code Execution in Samba's nmbd</H2>
-
<p>
<pre>
==========================================================
==
-== Subject: Stack buffer overflow in nmbd's logon
-== request processing.
+== Subject: Remote code execution in Samba's WINS
+== server daemon (nmbd) when processing name
+== registration followed name query requests.
==
-== CVE ID#: CVE-2007-4572
+== CVE ID#: CVE-2007-5398
==
== Versions: Samba 3.0.0 - 3.0.26a (inclusive)
==
-== Summary: Processing of specially crafted GETDC
-== mailslot requests can result in a buffer
-== overrun in nmbd. It is not believed that
-== that this issues can be exploited to
-== result in remote code execution.
+== Summary: When nmbd has been configured as a WINS
+== server, a client can send a series of name
+== registration request followed by a specific
+== name query request packet and execute
+== arbitrary code.
==
==========================================================
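Review bot: the added Subject "registration followed name query requests" is missing "by", and the Summary's "a series of name registration request" should be plural ("requests"). The H2 title could also mention the WINS server role that the Subject and Summary name, so the heading alone tells an administrator which configurations are affected.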
@@ -34,11 +34,10 @@
Description
===========
-Samba developers have discovered what is believed to be
-a non-exploitable buffer over in nmbd during the processing
-of GETDC logon server requests. This code is only used
-when the Samba server is configured as a Primary or Backup
-Domain Controller.
+Secunia Research reported a vulnerability that allows for
+the execution of arbitrary code in nmbd. This defect may
+only be exploited when the "wins support" parameter has
+been enabled in smb.conf.
==================
@@ -57,26 +56,24 @@
Workaround
==========
-Samba administrators may avoid this security issue by disabling
-both the "domain logons" and the "domain master" options in in
-the server's smb.conf file. Note that this will disable all
-domain controller features as well.
+Samba administrators may avoid this security issue by
+disabling the "wins support" feature in the hosts smb.conf
+file.
=======
Credits
=======
-This vulnerability was discovered by Samba developers during
-an internal code audit.
+This vulnerability was reported to Samba developers by
+Alin Rad Pop, Secunia Research.
The time line is as follows:
-* Sep 13, 2007: Initial report to security at samba.org including
- proposed patch.
-* Sep 14, 2007: Patch review by members of the Josh Bressers
- (RedHat Security Team) and Simo Sorce (Samba/RedHat developer)
-* Nov 15, 2007: Public security advisory made available.
+* Oct 30, 2007: Initial report to security at samba.org.
+* Oct 30, 2007: First response from Samba developers confirming
+ the bug along with a proposed patch.
+* Nov 15, 2007: Public security advisory to be made available.
==========================================================
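Review bot: "Public security advisory to be made available" on the Nov 15, 2007 entry is still in the future tense although this revision is dated 2007-11-16; the CVE-2007-4572 timeline in the same commit already reads "made available", and the two should agree. The added Workaround's "the hosts smb.conf" also needs an apostrophe ("the host's smb.conf").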