[SCM] Samba Website Repository - branch master updated
Lars Müller
lmuelle at samba.org
Thu Feb 23 14:20:42 MST 2012
The branch, master has been updated
via 7e39675 Add draft of CVE-2012-0870 announcement.
from 7a4f50b Replace no longer existing sfconservancy web host
http://gitweb.samba.org/?p=samba-web.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 7e396756df36ae8893ad93e7df035be929308121
Author: Lars Müller <lars at samba.org>
Date: Thu Feb 23 22:20:06 2012 +0100
Add draft of CVE-2012-0870 announcement.
-----------------------------------------------------------------------
Summary of changes:
security/CVE-2012-0870.html | 73 +++++++++++++++++++++++++++++++++++++++++++
1 files changed, 73 insertions(+), 0 deletions(-)
create mode 100644 security/CVE-2012-0870.html
Changeset truncated at 500 lines:
diff --git a/security/CVE-2012-0870.html b/security/CVE-2012-0870.html
new file mode 100644
index 0000000..452eebf
--- /dev/null
+++ b/security/CVE-2012-0870.html
@@ -0,0 +1,73 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+
+<head>
+<title>Samba - Security Announcement Archive</title>
+</head>
+
+<body>
+
+ <H2>CVE-2012-0870:</H2>
+
+<p>
+<pre>
+===========================================================
+== Subject: Remote code execution vulnerability in smbd
+==
+== CVE ID#: CVE-2012-0870
+==
+== Versions: Samba pre-3.4.0
+==
+== Summary: Ensure AndX offsets are increasing strictly monotonically
+ in pre-3.4 versions
+==
+===========================================================
+
+===========
+Description
+===========
+
+Samba versions up to 3.4.0 do not ensure that AndX offsets of the smb daemon
+(smbd) are increasing strictly monotonically.
+
+Therefore a remote code execution vulnerability exists in the service.
+A remote attacker could use the vulnerability to launch an exploit over a
+network connection
+
+==========
+Workaround
+==========
+
+None.
+
+==================
+Patch Availability
+==================
+
+A patch addressing this defect has been posted to
+
+ http://www.samba.org/samba/security/
+
+As all pre-3.4.0 versions are discontinued at least since August 9, 2011 even
+for security patches, the patches are provided as an extra service to our
+community, users, and verndors.
+
+=======
+Credits
+=======
+
+The vulnerability was discovered by Andy Davis of NGS Secure¹ and reported by
+Greg Kinasewitz of Research In Motion². Patches were written by Volker
+Lendecke of the Samba Team.
+
+==========
+References
+==========
+
+¹ http://www.ngssecure.com/research/research-overview.aspx
+² http://www.blackberry.com/btsc/KB29565
+
+</pre>
+</body>
+</html>
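Review bot: The affected range is worded three different ways in the advisory body: the header has "Versions: Samba pre-3.4.0", the Summary has "pre-3.4 versions", and the Description has "Samba versions up to 3.4.0", which can be read as including 3.4.0 itself. Pick one wording (for example "all versions before 3.4.0") and use it in all three places so an administrator can tell at a glance whether 3.4.0 is affected. The Description would also benefit from saying whether the remote attacker needs to be authenticated, and "Patch Availability" points only at the general http://www.samba.org/samba/security/ index rather than at the patch for this CVE. Smaller points in the same file: "verndors" should be "vendors", the sentence ending "network connection" has no full stop, and the second Summary line ("in pre-3.4 versions") lacks the "==" prefix used by the rest of the header box. On the markup side, the document declares XHTML 1.0 Transitional, so `<H2>` should be lowercase `<h2>`, and the `<p>` opened just before `<pre>` is never closed and cannot contain a `<pre>` anyway; dropping the `<p>` fixes both.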
--
Samba Website Repository