Bug 128228 - CAN-2004-0686 buffer overflow in 'mangling method = hash' code.
CAN-2004-0686 buffer overflow in 'mangling method = hash' code.
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: samba (Show other bugs)
2
All Linux
medium Severity medium
: ---
: ---
Assigned To: Jay Fenlason
David Lawrence
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2004-07-20 10:12 EDT by Josh Bressers
Modified: 2014-08-31 19:26 EDT (History)
2 users (show)

See Also:
Fixed In Version: 3.0.6-2.fc2
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-03-14 11:20:04 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Josh Bressers 2004-07-20 10:12:28 EDT
Affected Versions:      Samba 3.0.0 and later

A buffer overrun has been located in the code used to support
the 'mangling method = hash' smb.conf option.  Please be aware
that the default setting for this parameter is 'mangling method
= hash2' and therefore not vulnerable.

Affected Samba 3 installations can avoid this possible security
bug by using the default hash2 mangling method.  Server
installations requiring the hash mangling method are encouraged
to upgrade to Samba 3.0.5.  There are no known exploits for the
bug.

RHEL3 is covered by bug 128227
Comment 1 Mark J. Cox (Product Security) 2004-07-21 04:53:11 EDT
embargo moved to Jul22
Comment 2 Mark J. Cox (Product Security) 2004-07-22 07:11:14 EDT
Public at http://www.samba.org/samba/samba.html, removing embargo
Comment 3 Josh Bressers 2004-08-19 16:18:57 EDT
Jay, what's the status on this issue?
Comment 4 Jay Fenlason 2004-08-19 16:31:50 EDT
_A_ built 3.0.5 based RPMS for fedora testing.  As soon as 3.0.6 
comes out (tonight?), I'll build it for fedora updates. 

Note You need to log in before you can comment on or make changes to this bug.