[Samba] Regarding the code Change for CVE-2010-3069 ( Buffer Overrun Vulnerability )

Volker Lendecke Volker.Lendecke at SerNet.DE
Wed Sep 29 05:36:07 MDT 2010

On Wed, Sep 29, 2010 at 03:51:01PM +0530, ssamba321 s321 wrote:
> We are trying to fix the  CVE-2010-3069 ( Buffer Overrun Vulnerability ) in
> the  Samba 3.0.28a Source code.
> According to  Samba-3.3.13-CVE-2010-3069 patch, we have changed  the code
> of  Samba 3.0.28a.We are unable to modify
> samba-3.0.28a(source/smbd/nttrance.c ) code due to following reason.
> In the Samba-3.3-13 /source/smbd/nttrance.c   we  are using "req" that of
> "struct smb_request" type as a parameter in the call_nt_transact_ioctl ,
> call_nt_transact_get_user_quota and call_nt_transact_set_user_quota
> functions.But there is no "req" in the 3.0.28a code.We are facing the
> problem where we have to change the code of Samba 3.0.28.a.
> Any suggestions please help us...

Sorry, but the Samba Team has discontinued support for 3.0
more than a year ago. However, quite a few distributors like
RedHat and probably debian have backported the security to
their shipped versions of Samba 3.0.


is the current RedHat RPM. Contained in that RPM is a file
called samba-3.0.37-CVE-2010-3069.patch, which might be a
bit closer to what you need.


More information about the samba mailing list