Bug 138325
| Summary: | CAN-2004-0930 wildcard remote DoS | | |
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 3 | Reporter: | Mark J. Cox <mjc> |
| Component: | samba | Assignee: | Jay Fenlason <fenlason> |
| Status: | CLOSED ERRATA | QA Contact: | David Lawrence <dkl> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | | |
| Version: | 3.0 | CC: | jfeeney, security-response-team, tao |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | embargo=20041108:15,impact=moderate | | |
| Fixed In Version: | | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2004-11-16 17:37:55 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
Created attachment 106271
Proposed patch from Samba

I'll set this as impact "moderate" as it requires an authenticated samba user to cause the DoS.

This issue does appear to affect RHEL2.1 after all.

An errata has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2004-632.html

Samba told us on Nov07 that Samba <3.0.8 is vulnerable to a remote DoS.

Public on Nov08 1500 UTC

"A bug in the input validation routines used to match filename strings containing wildcard characters may allow a user to consume more than normal amounts of CPU cycles thus impacting the performance and response of the server."

CAN-2004-0930

Affects: RHEL3

Embargoed (but only for a few hours).