[Samba] [Announce] Samba 3.5.7, 3.4.12 and 3.3.15 Security Releases Available

Alexander forsmbg at googlemail.com
Fri Mar 4 00:26:50 MST 2011

On Mon, Feb 28, 2011 at 4:35 PM, Karolin Seeger <kseeger at samba.org> wrote:
> Samba 3.5.7, 3.4.12 and 3.3.15 are security releases in order to
> address CVE-2011-0719.
> o  CVE-2011-0719:
>   All current released versions of Samba are vulnerable to
>   a denial of service caused by memory corruption. Range
>   checks on file descriptors being used in the FD_SET macro
>   were not present allowing stack corruption. This can cause
>   the Samba code to crash or to loop attempting to select
>   on a bad file descriptor set.

Hello dear Samba team,

Could you please clarify one thing here - does that DoS/loop happen
with _only_ smbd serving that malicious client, or that would crash
the whole Samba service?


More information about the samba mailing list