Red Hat Bugzilla – Bug 128228
CAN-2004-0686 buffer overflow in 'mangling method = hash' code.
Last modified: 2014-08-31 19:26:24 EDT
Affected Versions: Samba 3.0.0 and later
A buffer overrun has been located in the code used to support
the 'mangling method = hash' smb.conf option. Please be aware
that the default setting for this parameter is 'mangling method
= hash2' and therefore not vulnerable.
Affected Samba 3 installations can avoid this possible security
bug by using the default hash2 mangling method. Server
installations requiring the hash mangling method are encouraged
to upgrade to Samba 3.0.5. There are no known exploits for the
RHEL3 is covered by bug 128227
embargo moved to Jul22
Public at http://www.samba.org/samba/samba.html, removing embargo
Jay, what's the status on this issue?
_A_ built 3.0.5 based RPMS for fedora testing. As soon as 3.0.6
comes out (tonight?), I'll build it for fedora updates.