Bug 601419 (CVE-2010-2063)

Summary: CVE-2010-2063 samba: memory corruption vulnerability
Product: [Other] Security Response
Reporter: Vincent Danen <vdanen>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA
Severity: urgent
Priority: urgent
Version: unspecified
CC: azelinka, bressers, gdeschner, rcvalle, security-response-team, ssorce
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Whiteboard: impact=critical,public=20100616,reported=20100607,source=upstream,cvss2=7.5/AV:N/AC:L/Au:N/C:P/I:P/A:P,rhel-3/samba=affected,rhel-4.7.z/samba=affected,rhel-4/samba=affected,rhel-5.3.z/samba=affected,rhel-5.4.z/samba=affected,rhel-5/samba=affected,rhel-5/samba3x=affected,cwe=CWE-228->CWE-119
Doc Type: Bug Fix
Last Closed: 2010-07-08 12:22:20 EDT
Bug Depends On: 602317, 602318, 602319, 602320, 602321, 602322, 602323, 602652, 602655, 602656    

Description Vincent Danen 2010-06-07 18:02:08 EDT
A memory corruption vulnerability exists in the chain_reply() function in Samba 3.3.12 and earlier. 3.4.x and later are not affected. This flaw could allow a remote, unauthenticated attacker to crash the samba server or, possibly, execute arbitrary code with the privileges of the samba server.


Red Hat would like to thank the Samba team for responsibly reporting this issue. Upstream acknowledges Jun Mao as the original reporter.

Comment 9 Josh Bressers 2010-06-16 09:55:29 EDT
This is now public:

Comment 10 errata-xmlrpc 2010-06-16 17:36:22 EDT
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 3
  Red Hat Enterprise Linux 4
  Red Hat Enterprise Linux 5
  Red Hat Enterprise Linux 5.3.Z - Server Only
  Red Hat Enterprise Linux 5.4.Z - Server Only
  Red Hat Enterprise Linux 4.7 Z Stream

Via RHSA-2010:0488 https://rhn.redhat.com/errata/RHSA-2010-0488.html