Bug 128230 - CAN-2004-0600 Buffer Overrun in memcpy()
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: samba
Version: 2
Hardware: All Linux
medium
medium
Assignee: Jay Fenlason
QA Contact: David Lawrence
Keywords: Security
Reported: 2004-07-20 14:14 UTC by Josh Bressers
Modified: 2014-08-31 23:26 UTC (History)

Fixed In Version: 3.0.6-2.fc2
Doc Type: Bug Fix
Last Closed: 2005-03-14 16:26:38 UTC

Description Josh Bressers 2004-07-20 14:14:06 UTC
** This issue is currently embargoed **

The Samba team reported to us on July 14th that the internal routine
used by the Samba Web Administration Tool (SWAT) to decode the base64
data during HTTP basic authentication is subject to a buffer overrun
caused by an invalid base64 character.

Affected Samba installations include those running v3.0.2 or later and
meeting one of the following three requirements:

(a) Servers using the ldapsam passdb backend
(b) Servers running winbindd and allowing 3rd party applications to
issue authentication requests via the ntlm_auth tool included with Samba.
(c) Servers running SWAT.

RHEL3 is covered by bug 127909
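
A bounds-checked base64 decoder that handles the failure mode named in the description (an invalid character in attacker-supplied Basic-auth data), as an added example; it is not Samba's code or the Samba fix. The names `b64_value` and `b64_decode_checked` and the sample strings are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Map one base64 character to its 6-bit value; -1 if outside the alphabet. */
static int b64_value(unsigned char c)
{
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    if (c == '+') return 62;
    if (c == '/') return 63;
    return -1;
}

/* Decode NUL-terminated base64 into out[0..cap). Returns the decoded length,
 * or -1 on an invalid character, bad padding, or output that exceeds cap. */
long b64_decode_checked(const char *in, unsigned char *out, size_t cap)
{
    size_t len = strlen(in), n = 0, pad = 0, i;
    unsigned int acc = 0, bits = 0;
    if (len % 4 != 0) return -1;
    for (i = 0; i < len; i++) {
        if (in[i] == '=') {               /* padding: last two positions only */
            if (i + 2 < len) return -1;
            pad = 1;
            continue;
        }
        if (pad) return -1;               /* data after padding */
        int v = b64_value((unsigned char)in[i]);
        if (v < 0) return -1;             /* reject; never skip it or index with it */
        acc = (acc << 6) | (unsigned int)v;
        bits += 6;
        if (bits >= 8) {
            bits -= 8;
            if (n >= cap) return -1;      /* bounds check before every write */
            out[n++] = (unsigned char)(acc >> bits);
            acc &= (1u << bits) - 1;
        }
    }
    return (long)n;
}

int main(void)
{
    unsigned char buf[16];
    /* Constructed inputs: "user:pass" encoded, then the same with an invalid '*'. */
    printf("%ld %ld\n", b64_decode_checked("dXNlcjpwYXNz", buf, sizeof buf),
           b64_decode_checked("dXNl*jpwYXNz", buf, sizeof buf));
    return 0;
}
```

The caller passes the real size of its destination buffer as `cap` and treats any negative return as an authentication failure.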

Comment 1 Mark J. Cox 2004-07-21 08:53:30 UTC
embargo moved to Jul22

Comment 2 Mark J. Cox 2004-07-22 11:11:34 UTC
Public at http://www.samba.org/samba/samba.html, removing embargo

Comment 3 Damian Menscher 2004-08-03 20:49:18 UTC
Not to be a nag, but I don't suppose there's going to be a patch for 
this SECURITY issue?  Or is FC1/2 not affected for some reason?

Comment 4 Mark J. Cox 2004-08-03 21:29:14 UTC
Yes, in progress.  

Note that with FC1/2 execshield will help reduce the risk of this
buffer overflow - in the meantime you might want to restrict SWAT port
access via firewall rules.

