[Samba] Regarding -CVE-2010-3069
ssamba321 at gmail.com
Wed Sep 29 04:12:48 MDT 2010
Thanks a lot for posting the CVE-2010-3069 for Buffer Overrun
Vulnerability ,which is affected on all the Samba 3.0.x to 3.5.x releases.
We are using samba 3.0.28a code .According to Samba-3.3.13-CVE-2010-3069
patch, we have changed the code of Samba 3.0.28a.We are unable to modify
samba-3.0.28a code due to following reason.
In the Samba-3.3-13 /source/smbd/nttrance.c ,they are using "req" that of
"struct smb_request" type as a parameter in the call_nt_transact_ioctl ,
call_nt_transact_get_user_quota and call_nt_transact_set_user_quota
functions.But there is no "req" in the 3.0.28a code.We are facing the
problem where we have to change the code of Samba 3.0.28.a.
Any suggestions please help us...
More information about the samba