Bug 152756

Summary: CAN-2004-0686 - buffer overflow in samba
Product: [Retired] Fedora Legacy
Reporter: Michal Jaegermann <michal>
Component: Package request
Assignee: Fedora Legacy Bugs <bugs>
Status: CLOSED CURRENTRELEASE
Severity: medium
Priority: medium
Version: unspecified
CC: v
Hardware: All   
OS: Linux   
Whiteboard: LEGACY, QA, rh73, rh90
Doc Type: Bug Fix

Description David Lawrence 2005-03-30 23:26:21 UTC
Red Hat alert RHSA-2004:404-01 gives a reference to samba-2.2.10-1.21as.1.src.rpm
sources which fixed a buffer overflow in the code used to support the
'mangling method = hash' smb.conf option.  It looks like the same fix
will apply to samba-2.2.7-3.7.3.src.rpm from RH7.3 updates and
samba-2.2.7a-8.9.0.src.rpm from RH9 updates.

I really have no good way to check myself, but the samba-2.2.10-1.21as.1.src.rpm
package rebuilds on RH7.3 without any fuss.



------- Additional Comments From v 2004-07-30 06:01:15 ----

FWIW, I took the samba-2.2.7-can-2004-0686.patch.bz2 from
ftp://ftp.sunet.se/pub/Linux/distributions/mandrakelinux/official/updates/corporate/2.1/SRPMS/samba-2.2.7a-10.2.C21mdk.src.rpm

and applied it to the redhat samba-2.2.7-5.8.0.src.rpm I've been patching along.
There was a minor offset with the patch, but it compiles and seems to work.

BTW, any idea why Fedora Core is not releasing this fix to samba?



------- Additional Comments From v 2004-07-30 06:06:30 ----

Clarification: the original src.rpm is

http://updates.redhat.com/8.0/en/os/SRPMS/samba-2.2.7-5.8.0.src.rpm

and I compiled it on RH7.1 (somewhat patched towards RH72/RH73).

If samba-2.2.10-1.21as.1.src.rpm is available for download somewhere I can try to
compile it.



------- Additional Comments From michal 2004-07-30 07:14:10 ----

> If samba-2.2.10-1.21as.1.src.rpm is available for download somewhere ...
Sure.  Many mirrors all over the place.  For example here:
ftp://mirrors.kernel.org/redhat/redhat/linux/updates/enterprise/2.1AS/en/os/SRPMS/
but this is far from the only option.



------- Additional Comments From v 2004-07-30 08:40:38 ----

Oh yeah, I forgot that the RHEL srpm's are available (whereas I gather
.i386.rpm's are not.)

Anyway, FWIW samba-2.2.10-1.21as.1.src.rpm compiles quite fine on an RH7.1 box 
(slightly patched towards RH7.2/RH7.3) with gcc-2.96-112.7.1. I would expect it 
to do so on RH7.3 proper, too.




------- Additional Comments From hjp+bugzilla-fedora-legacy.at 2004-08-04 22:13:11 ----

I have also rebuilt samba-2.2.10-1.21as.1.src.rpm for RH 7.3 (and 6.2 with minor
changes to the spec file). After running it for a week on several production
servers with 100+ users, no ill effects could be observed.

So I'd vote to release that.



------- Additional Comments From marcdeslauriers 2004-08-05 13:04:41 ----

*** Bug 1946 has been marked as a duplicate of this bug. ***



------- Additional Comments From marcdeslauriers 2004-08-05 14:52:49 ----

Here are updated samba packages for 7.3 and 9.

Changelog:
* Thu Aug 05 2004 Marc Deslauriers <marcdeslauriers> 2.2.10-0.90.1.legacy
- Upgrade to 2.2.10 to fix CAN-2004-0686

http://www.infostrategique.com/linuxrpms/legacy/7.3/samba-2.2.10-0.73.1.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/7.3/samba-2.2.10-0.73.1.legacy.src.rpm
http://www.infostrategique.com/linuxrpms/legacy/7.3/samba-client-2.2.10-0.73.1.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/7.3/samba-common-2.2.10-0.73.1.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/7.3/samba-swat-2.2.10-0.73.1.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/9/samba-2.2.10-0.90.1.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/9/samba-2.2.10-0.90.1.legacy.src.rpm
http://www.infostrategique.com/linuxrpms/legacy/9/samba-client-2.2.10-0.90.1.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/9/samba-common-2.2.10-0.90.1.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/9/samba-swat-2.2.10-0.90.1.legacy.i386.rpm





------- Additional Comments From ckelley 2004-09-02 04:29:16 ----

8f8ba6939859961fdc0fd24564a2f9c9371467d8 samba-2.2.10-0.73.1.legacy.src.rpm
 
Package built and installed just fine.  I ran through various
smbclient test commands without issue.  I tested it on two boxes; one
as a member of an NT4 domain, and the other standalone.  Shares
behaved normally on both.
 
Everything looks good;  PUBLISH
 




------- Additional Comments From simon 2004-09-09 11:12:01 ----

Have we had a look at this one yet? 
 
http://www.securityfocus.com/archive/1/373619 
 
A remote authenticated user can cause smbd to crash.  
 
The vendor reported that a remote authenticated user can send a
FindNextPrintChangeNotify() request without having previously sent a
corresponding FindFirstPrintChangeNotify() request to cause smbd to crash.
 
This behavior can be triggered by a Windows XP SP2 client. 
 
The flaw resides in printer_notify_info() in 'rpc_server/srv_spoolss_nt.c'. 
 
I know I should really download the src.rpm and look at the patch list, but I
thought it might be faster if someone who is familiar with the build addresses
this.
 
- Si 
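
The ordering flaw described in the comment above, shown as an added example that is not part of the thread and not Samba's code: a server-side "next" handler that refuses a request when no "first" request has set up the per-handle state. All names are hypothetical, and the model assumes the notification state is simply absent (NULL) until the first call.

```c
#include <stddef.h>
/* Simplified model with hypothetical names; this is not Samba source. */
enum status { ST_OK, ST_BAD_HANDLE, ST_NO_NOTIFY };
struct notify_state { unsigned change_count; };
struct printer_handle {
    int open;                     /* handle was opened by the client     */
    struct notify_state *notify;  /* NULL until the "first" call has run */
    struct notify_state storage;
};

#define MAX_HANDLES 4
static struct printer_handle handles[MAX_HANDLES];

static struct printer_handle *lookup(int h) {
    if (h < 0 || h >= MAX_HANDLES || !handles[h].open) return NULL;
    return &handles[h];
}

int open_printer(void) {
    for (int i = 0; i < MAX_HANDLES; i++)
        if (!handles[i].open) {
            handles[i].open = 1;
            handles[i].notify = NULL;
            return i;
        }
    return -1;  /* table full */
}

/* "First" request: establishes the per-handle notification state. */
enum status find_first_notify(int h) {
    struct printer_handle *p = lookup(h);
    if (!p) return ST_BAD_HANDLE;
    p->storage.change_count = 0;
    p->notify = &p->storage;
    return ST_OK;
}

/* "Next" request: must not assume that "first" was ever sent. */
enum status find_next_notify(int h, unsigned *out_changes) {
    struct printer_handle *p = lookup(h);
    if (!p) return ST_BAD_HANDLE;
    if (p->notify == NULL) return ST_NO_NOTIFY;  /* out-of-order request */
    *out_changes = p->notify->change_count++;
    return ST_OK;
}

int main(void) {  /* stand-alone check: "next" before "first" is refused */
    unsigned n = 0;
    return find_next_notify(open_printer(), &n) == ST_NO_NOTIFY ? 0 : 1;
}
```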



------- Additional Comments From marcdeslauriers 2004-09-09 17:22:00 ----

See bug 2057 for the new vulnerability.

This bug has been superseded by bug 2057.



------- Bug moved to this database by dkl 2005-03-30 18:26 -------

This bug previously known as bug 1924 at https://bugzilla.fedora.us/
https://bugzilla.fedora.us/show_bug.cgi?id=1924
Originally filed under the Fedora Legacy product and Package request component.

Unknown priority P2. Setting to default priority "normal".
Unknown platform PC. Setting to default platform "All".
Setting qa contact to the default for this product.
   This bug either had no qa contact or an invalid one.