Red Hat Bugzilla – Bug 128227
CAN-2004-0686 buffer overflow in 'mangling method = hash' code.
Last modified: 2014-08-31 19:26:24 EDT
Affected Versions: Samba 3.0.0 and later
A buffer overrun has been located in the code used to support
the 'mangling method = hash' smb.conf option. Please be aware
that the default setting for this parameter is 'mangling method
= hash2' and therefore not vulnerable.
Affected Samba 3 installations can avoid this possible security
bug by using the default hash2 mangling method. Server
installations requiring the hash mangling method are encouraged
to upgrade to Samba 3.0.5. There are no known exploits for the
This issue has also been found to affect versions of Samba 2.
Embargo moved to Jul 22
Removing embargo; now public at http://www.samba.org/samba/samba.html
An errata has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.
(an update to correct juts this issue for RHEL2.1 will be available later)