Bug 138326
| Field | Value | Field | Value |
|---|---|---|---|
| Summary | CAN-2004-0930 Samba remote issues (CAN-2004-0882) | | |
| Product | [Fedora] Fedora | Reporter | Mark J. Cox <mjc> |
| Component | samba | Assignee | Jay Fenlason <fenlason> |
| Status | CLOSED ERRATA | QA Contact | David Lawrence <dkl> |
| Severity | medium | Docs Contact | |
| Priority | medium | | |
| Version | 2 | CC | jfeeney, security-response-team |
| Target Milestone | --- | Keywords | Security |
| Target Release | --- | | |
| Hardware | All | | |
| OS | Linux | | |
| Whiteboard | embargo=20041108:15,impact=moderate | | |
| Fixed In Version | 3.0.9-1.FC2 | Doc Type | Bug Fix |
| Doc Text | | Story Points | --- |
| Clone Of | | Environment | |
| Last Closed | 2005-03-14 16:10:06 UTC | Type | --- |
Description
Mark J. Cox
2004-11-08 09:29:50 UTC
Additionally - During a code audit, Stefan Esser discovered a buffer overflow in Samba versions prior to 3.0.8 when handling Unicode filenames. An authenticated remote user could exploit this bug, which may lead to arbitrary code execution on the server. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0882 to this issue. Red Hat believes that the Exec-Shield technology will block attempts to remotely exploit this vulnerability on x86 architectures. This issue was public on 20041115. Lifting embargo.