[Samba] [Announce] Samba 3.5.7, 3.4.12 and 3.3.15 Security Releases Available

Alexander forsmbg at googlemail.com
Fri Mar 4 00:26:50 MST 2011


On Mon, Feb 28, 2011 at 4:35 PM, Karolin Seeger <kseeger at samba.org> wrote:
> Samba 3.5.7, 3.4.12 and 3.3.15 are security releases in order to
> address CVE-2011-0719.
>
> o  CVE-2011-0719:
>   All current released versions of Samba are vulnerable to
>   a denial of service caused by memory corruption. Range
>   checks on file descriptors being used in the FD_SET macro
>   were not present allowing stack corruption. This can cause
>   the Samba code to crash or to loop attempting to select
>   on a bad file descriptor set.

Hello dear Samba team,

Could you please clarify one thing here - does that DoS/loop happen
with _only_ the smbd serving that malicious client, or would that crash
the whole Samba service?

thanks,
Alexander
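
Added example, not part of the original message and not Samba's code: the kind of range check the announcement says was missing in front of FD_SET. The helper names checked_fd_set, build_read_set and demo, and the sample descriptor values, are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/select.h>

/* Hypothetical helper: FD_SET does no bounds check, and using it with
 * fd < 0 or fd >= FD_SETSIZE is undefined behaviour (in practice a write
 * outside the fd_set bitmap). Refuse such descriptors instead. */
static bool checked_fd_set(int fd, fd_set *set)
{
    if (fd < 0 || fd >= FD_SETSIZE)
        return false;
    FD_SET(fd, set);
    return true;
}

/* Build a read set from a list of descriptors. Returns the highest fd
 * added (select() wants this value plus one), or -1 if none was added.
 * *rejected counts the descriptors that were refused. */
static int build_read_set(const int *fds, size_t n, fd_set *set, size_t *rejected)
{
    int maxfd = -1;
    *rejected = 0;
    FD_ZERO(set);
    for (size_t i = 0; i < n; i++) {
        if (!checked_fd_set(fds[i], set)) {
            (*rejected)++;   /* caller should close or otherwise handle these */
            continue;
        }
        if (fds[i] > maxfd)
            maxfd = fds[i];
    }
    return maxfd;
}

/* Constructed sample input: two usable descriptors, one negative, and two
 * at or beyond FD_SETSIZE, as a process holding many open files can get. */
static int demo(fd_set *set, size_t *rejected)
{
    const int sample[] = { 0, 5, -1, FD_SETSIZE, FD_SETSIZE + 100 };
    return build_read_set(sample, sizeof sample / sizeof sample[0], set, rejected);
}

int main(void)
{
    fd_set set;
    size_t rejected;
    int maxfd = demo(&set, &rejected);
    printf("max fd %d, rejected %zu\n", maxfd, rejected);
    return 0;
}
```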

