[Samba] [Announce] Samba 3.5.7, 3.4.12 and 3.3.15 Security Releases Available
Volker.Lendecke at SerNet.DE
Fri Mar 4 01:29:05 MST 2011
On Fri, Mar 04, 2011 at 10:26:50AM +0300, Alexander wrote:
> > Samba 3.5.7, 3.4.12 and 3.3.15 are security releases in order to
> > address CVE-2011-0719.
> > o CVE-2011-0719:
> > All current released versions of Samba are vulnerable to
> > a denial of service caused by memory corruption. Range
> > checks on file descriptors being used in the FD_SET macro
> > were not present allowing stack corruption. This can cause
> > the Samba code to crash or to loop attempting to select
> > on a bad file descriptor set.
> Hello dear Samba team,
> Could you please clarify one thing here - does that DoS/loop happen
> with _only_ smbd serving that malicious client, or would that crash
> the whole Samba service?

It will affect the smbd doing the service only. But under
heavy load it can also affect winbind.

With best regards,
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
More information about the samba-technical