[Samba] Regarding the code Change for CVE-2010-3069 ( Buffer Overrun Vulnerability )
Volker Lendecke
Volker.Lendecke at SerNet.DE
Wed Sep 29 05:36:07 MDT 2010
On Wed, Sep 29, 2010 at 03:51:01PM +0530, ssamba321 s321 wrote:
> We are trying to fix the CVE-2010-3069 (Buffer Overrun Vulnerability) in
> the Samba 3.0.28a source code.
> According to the Samba-3.3.13-CVE-2010-3069 patch, we have changed the code
> of Samba 3.0.28a. We are unable to modify the
> samba-3.0.28a (source/smbd/nttrance.c) code due to the following reason.
>
> In the Samba-3.3-13 /source/smbd/nttrance.c we are using "req", which is of
> "struct smb_request" type, as a parameter in the call_nt_transact_ioctl,
> call_nt_transact_get_user_quota and call_nt_transact_set_user_quota
> functions. But there is no "req" in the 3.0.28a code. We are facing the
> problem where we have to change the code of Samba 3.0.28.a.
>
>
> Any suggestions please help us...

Sorry, but the Samba Team has discontinued support for 3.0
more than a year ago. However, quite a few distributors like
RedHat and probably Debian have backported the security to
their shipped versions of Samba 3.0.

ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/samba-3.0.33-0.19.el4_8.3.src.rpm
is the current RedHat RPM. Contained in that RPM is a file
called samba-3.0.37-CVE-2010-3069.patch, which might be a
bit closer to what you need.

Volker