[Samba] Regarding -CVE-2010-3069

ssamba321 s321 ssamba321 at gmail.com
Wed Sep 29 04:12:48 MDT 2010


Hi All,


Thanks a lot  for posting the  CVE-2010-3069 for Buffer Overrun
Vulnerability ,which is affected on all the Samba 3.0.x to 3.5.x releases.
We are using samba 3.0.28a code  .According to  Samba-3.3.13-CVE-2010-3069
patch, we have changed  the code  of  Samba 3.0.28a.We are unable to modify
samba-3.0.28a code due to following reason.

In the Samba-3.3-13 /source/smbd/nttrance.c  ,they  are using "req" that of
"struct smb_request" type as a parameter in the call_nt_transact_ioctl ,
call_nt_transact_get_user_quota and call_nt_transact_set_user_quota
functions.But there is no "req" in the 3.0.28a code.We are facing the
problem where we have to change the code of Samba 3.0.28.a.


Any suggestions please help us...


More information about the samba mailing list