[Samba] [SECURITY] Samba 3.0.1 - 3.0.22: memory exhaustion DoS against smbd
Daniel Martin
dmartin at getnet-tecnologia.com.br
Tue Jul 11 14:08:26 GMT 2006
Hello,
We were experiencing this problem with Samba 3.0.22; after upgrading to
3.0.23 the bug was gone (at least, until now...)
Guillermo Gutierrez wrote:
> (Blond-moment question) I take it then, that this bug doesn't apply to
> version 3.0.23?
>
> - Guillermo
>
> -----Original Message-----
> From: samba-bounces+ggutierrez=marketscan.com at lists.samba.org
> [mailto:samba-bounces+ggutierrez=marketscan.com at lists.samba.org] On
> Behalf Of Gerald (Jerry) Carter
> Sent: Monday, July 10, 2006 1:21 PM
> To: samba at samba.org
> Subject: [Samba] [SECURITY] Samba 3.0.1 - 3.0.22: memory exhaustion
> DoS against smbd
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> ==========================================================
> ==
> == Subject: Memory exhaustion DoS against smbd
> == CVE ID#: CAN-2006-1059
> ==
> == Versions: Samba 3.0.1 - 3.0.22 (inclusive)
> ==
> == Summary: smbd may allow internal structures
> == maintaining state for share connections
> == to grow unbounded.
> ==
> ==========================================================
>
>
> ===========
> Description
> ===========
>
> The smbd daemon maintains internal data structures used to track active
> connections to file and printer shares. In certain circumstances an
> attacker may be able to continually increase the memory usage of an smbd
> process by issuing a large number of share connection requests. This
> defect affects all Samba configurations.
>
>
>
> ==================
> Patch Availability
> ==================
>
> A patch for Samba 3.0.1 - 3.0.22 has been posted at
> http://www.samba.org/samba/security/.
>
> Guidelines for securing Samba hosts are listed at
> http://www.samba.org/docs/server_security.html
>
>
> =======
> Credits
> =======
>
> This security issue was discovered during an internal security audit of the
> Samba source code by the Samba Team.
>
>
> ==========================================================
> == Our Code, Our Bugs, Our Responsibility.
> == The Samba Team
> ==========================================================
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.2 (GNU/Linux)
> Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org
>
> iD8DBQFEsraWIR7qMdg1EfYRAgGgAJwKuXUvw0lOs3fkNwR4qJ65fZMOrACgtuTS
> M65Y4TJbTWo46oSFuHc4LXE=
> =CZLB
> -----END PGP SIGNATURE-----
>
--
___________________________________________________________________________________________________
Best regards,
Daniel Felipe Martin
GetNet - Tecnologia em Captura e Processamento de Transações
Infrastructure
Phone: +55 (51) 3598-9800 Fax: +55 (51) 3598-9801 Ext. 2301
__________________________________________________________________________________________________
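
Added example (not part of the original thread or of the Samba Team's advisory): a POSIX shell check that classifies a Samba version string against the advisory's affected range, 3.0.1 - 3.0.22 inclusive. The function name samba_dos_status and the sample version formats are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: classify a Samba version string against the affected range
# stated in the advisory (3.0.1 - 3.0.22 inclusive).

# Prints "affected", "not-affected" or "unknown" for inputs such as
# "Version 3.0.22", "3.0.14a" or "3.0.22-13.fc5" (constructed sample formats).
samba_dos_status() {
    # Keep only the leading MAJOR.MINOR.PATCH triple. Letter and package
    # suffixes do not change which upstream release the build is based on.
    triple=$(printf '%s\n' "$1" |
        sed -n 's/^[^0-9]*\([0-9][0-9]*\)\.\([0-9][0-9]*\)\.\([0-9][0-9]*\).*$/\1 \2 \3/p')
    if [ -z "$triple" ]; then
        echo unknown
        return
    fi
    # Split the triple into positional parameters local to this function.
    set -- $triple
    major=$1 minor=$2 patch=$3
    if [ "$major" -eq 3 ] && [ "$minor" -eq 0 ] &&
       [ "$patch" -ge 1 ] && [ "$patch" -le 22 ]; then
        echo affected
    else
        echo not-affected
    fi
}

# Usage: pass a version string, or --local to query the installed smbd
# ("smbd -V" prints a line of the form "Version 3.0.22").
if [ "${1:-}" = "--local" ]; then
    samba_dos_status "$(smbd -V 2>/dev/null)"
elif [ -n "${1:-}" ]; then
    samba_dos_status "$1"
fi
```

A packaged build may carry the fix as a backport while still reporting a version inside the range, so treat "affected" as a prompt to check the vendor changelog.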