Samba Issue

Perez, Eugenio eugenio.perez at hp.com
Wed Apr 21 19:36:41 MDT 2010


Hello Samba Team

I was wondering if you have a patch available for the vulnerability mentioned below or maybe you can direct me to some site that can help to find the available patches that address this vulnerabilities:

Platforms: AIX, HP-UX, Solaris 9,10 and SuSE

Samba Versions affected: v 3.0.13, v 3.0.28, v 3.0.32, v3.0.34

Your help on this  matter is greatly appreciated. Thank you in advance.

http://www.securityfocus.com/bid/36250/discuss

Samba 3.x Multiple Unspecified Remote Vulnerabilities

Samba is prone to multiple unspecified remote vulnerabilities, including:

- An error in 'smbd' that can be exploited to cause a heap-based overflow.
- An error when Samba is compiled with '--enable-developer' can lead to a heap-based overflow.
- Multiple unspecified stack overflows.
- An unspecified heap-based buffer overflow.

Attackers can exploit these issues to execute code within the context of the affected server. Failed exploit attempts will result in a denial-of-service condition.

Cheers

Eugenio Perez
Technology Consultant
IE - GM AP
HP Enterprise Services
Telephone +64 9 4872202
Email: eugenio.perez at hp.com<mailto:jeremy.davidson at hp.com>
74 Taharoto Road
Level2 Smales Farm
Takapuna
Auckland, NZ 0622


More information about the samba-technical mailing list