Bug 630869 (CVE-2010-3069)

Summary: CVE-2010-3069 Samba: Stack-based buffer overflow by processing specially-crafted SID records
Product: [Other] Security Response Reporter: Jan Lieskovsky <jlieskov>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: urgent Docs Contact:
Priority: urgent    
Version: unspecifiedCC: azelinka, bressers, dirk-willem.van.gulik, gdeschner, jrusnack, mbarnes, mjc, security-response-team, ssorce
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard: public=20100914,reported=20100906,source=suse,impact=critical,cvss2=8.3/AV:A/AC:L/Au:N/C:C/I:C/A:C,rhel-3/samba=affected,rhel-4/samba=affected,rhel-5/samba=affected,rhel-5/samba3x=affected,rhel-6.0/samba=affected,fedora-all/samba=affected,cwe=CWE-129->CWE-121
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-05-30 14:46:20 EDT Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Bug Depends On: 632223, 632224, 632225, 632226, 632227, 632228, 632229, 632230, 632231, 632232, 632264, 632265    
Bug Blocks:    

Description Jan Lieskovsky 2010-09-07 04:44:44 EDT
An array indexing error, leading to stack-based buffer overflow was found
in the way Samba suite processed Security Identifiers (SIDs) with
specially-crafted value of certain field. A remote, unauntenticated user
could prepare and send a specially-crafted SID record during the
subject identification phase, leading to denial of service
(smbd daemon crash) or, potentially, arbitrary code execution
with the privileges of the user running the smbd server.
Comment 4 Jan Lieskovsky 2010-09-07 05:15:10 EDT
This issue affects the versions of the samba package, as shipped
with Red Hat Enterprise Linux 3, 4, and 5.

This issue affects the version of the samba3x package, as shipped
with Red Hat Enterprise Linux 5.

--

This issue affects the versions of the samba package, as shipped
with Fedora release of 12 and 13.
Comment 6 Jan Lieskovsky 2010-09-07 11:50:34 EDT
The CVE identifier of CVE-2010-3069 has been assigned to this issue.
Comment 15 Tomas Hoger 2010-09-14 07:18:35 EDT
Public now via:
  http://samba.org/samba/security/CVE-2010-3069.html
Comment 26 errata-xmlrpc 2010-09-14 17:43:16 EDT
This issue has been addressed in following products:

  Red Hat Enterprise Linux 3
  Red Hat Enterprise Linux 4
  Red Hat Enterprise Linux 4.7 Z Stream
  Red Hat Enterprise Linux 5
  Red Hat Enterprise Linux 5.3.Z - Server Only
  Red Hat Enterprise Linux 5.4.Z - Server Only

Via RHSA-2010:0697 https://rhn.redhat.com/errata/RHSA-2010-0697.html
Comment 27 errata-xmlrpc 2010-09-14 18:04:29 EDT
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2010:0698 https://rhn.redhat.com/errata/RHSA-2010-0698.html
Comment 28 errata-xmlrpc 2010-11-10 13:59:17 EST
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2010:0860 https://rhn.redhat.com/errata/RHSA-2010-0860.html