128228 – CAN-2004-0686 buffer overflow in 'mangling method = hash' code.

Bug 128228 - CAN-2004-0686 buffer overflow in 'mangling method = hash' code.

Summary: CAN-2004-0686 buffer overflow in 'mangling method = hash' code.

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	samba
Sub Component:
Version:	2
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Jay Fenlason
QA Contact:	David Lawrence
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2004-07-20 14:12 UTC by Josh Bressers
Modified:	2014-08-31 23:26 UTC (History)
CC List:	2 users (show)
Fixed In Version:	3.0.6-2.fc2
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2005-03-14 16:20:04 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Josh Bressers 2004-07-20 14:12:28 UTC

Affected Versions:      Samba 3.0.0 and later

A buffer overrun has been located in the code used to support
the 'mangling method = hash' smb.conf option.  Please be aware
that the default setting for this parameter is 'mangling method
= hash2' and therefore not vulnerable.

Affected Samba 3 installations can avoid this possible security
bug by using the default hash2 mangling method.  Server
installations requiring the hash mangling method are encouraged
to upgrade to Samba 3.0.5.  There are no known exploits for the
bug.

RHEL3 is covered by bug 128227

Comment 1 Mark J. Cox 2004-07-21 08:53:11 UTC

embargo moved to Jul22

Comment 2 Mark J. Cox 2004-07-22 11:11:14 UTC

Public at http://www.samba.org/samba/samba.html, removing embargo

Comment 3 Josh Bressers 2004-08-19 20:18:57 UTC

Jay, what's the status on this issue?

Comment 4 Jay Fenlason 2004-08-19 20:31:50 UTC

_A_ built 3.0.5 based RPMS for fedora testing.  As soon as 3.0.6 
comes out (tonight?), I'll build it for fedora updates.

Note You need to log in before you can comment on or make changes to this bug.