Affected Versions: Samba 3.0.0 and later A buffer overrun has been located in the code used to support the 'mangling method = hash' smb.conf option. Please be aware that the default setting for this parameter is 'mangling method = hash2' and therefore not vulnerable. Affected Samba 3 installations can avoid this possible security bug by using the default hash2 mangling method. Server installations requiring the hash mangling method are encouraged to upgrade to Samba 3.0.5. There are no known exploits for the bug. RHEL3 is covered by bug 128227
embargo moved to Jul22
Public at http://www.samba.org/samba/samba.html, removing embargo
Jay, what's the status on this issue?
_A_ built 3.0.5 based RPMS for fedora testing. As soon as 3.0.6 comes out (tonight?), I'll build it for fedora updates.