Bug 128230 - CAN-2004-0600 Buffer Overrun in memcpy()
CAN-2004-0600 Buffer Overrun in memcpy()
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: samba (Show other bugs)
2
All Linux
medium Severity medium
: ---
: ---
Assigned To: Jay Fenlason
David Lawrence
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2004-07-20 10:14 EDT by Josh Bressers
Modified: 2014-08-31 19:26 EDT (History)
3 users (show)

See Also:
Fixed In Version: 3.0.6-2.fc2
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-03-14 11:26:38 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Josh Bressers 2004-07-20 10:14:06 EDT
** This issue is currently embargoed **

The Samba team reported to us on July 14th that the internal routine
used by the Samba Web Administration Tool (SWAT) to decode the base64
data during HTTP basic authentication is subject to a buffer overrun
caused by an invalid base64 character.

Affected Samba installations include those running v3.0.2 or later and
meeting one of the following three requirements:

(a) Servers using the ldapsam passdb backend
(b) Servers running winbindd and allowing 3rd party applications to
issue authentication requests via the ntlm_auth tool included with Samba.
(c) Servers running SWAT.

EHEL3 is covered by bug 127909
Comment 1 Mark J. Cox (Product Security) 2004-07-21 04:53:30 EDT
embargo moved to Jul22
Comment 2 Mark J. Cox (Product Security) 2004-07-22 07:11:34 EDT
Public at http://www.samba.org/samba/samba.html, removing embargo
Comment 3 Damian Menscher 2004-08-03 16:49:18 EDT
Not to be a nag, but I don't suppose there's going to be a patch for 
this SECURITY issue?  Or is FC1/2 not affected for some reason?
Comment 4 Mark J. Cox (Product Security) 2004-08-03 17:29:14 EDT
Yes, in progress.  

Note that with FC1/2 execshield will help reduce the risk of this
buffer overflow - in the meantime you might want to restrict SWAT port
access via firewall rules.

Note You need to log in before you can comment on or make changes to this bug.