Red Hat Bugzilla – Bug 128230
CAN-2004-0600 Buffer Overrun in memcpy()
Last modified: 2014-08-31 19:26:24 EDT
** This issue is currently embargoed **
The Samba team reported to us on July 14th that the internal routine
used by the Samba Web Administration Tool (SWAT) to decode the base64
data during HTTP basic authentication is subject to a buffer overrun
caused by an invalid base64 character.
Affected Samba installations include those running v3.0.2 or later and
meeting one of the following three requirements:
(a) Servers using the ldapsam passdb backend
(b) Servers running winbindd and allowing 3rd party applications to
issue authentication requests via the ntlm_auth tool included with Samba.
(c) Servers running SWAT.
EHEL3 is covered by bug 127909
embargo moved to Jul22
Public at http://www.samba.org/samba/samba.html, removing embargo
Not to be a nag, but I don't suppose there's going to be a patch for
this SECURITY issue? Or is FC1/2 not affected for some reason?
Yes, in progress.
Note that with FC1/2 execshield will help reduce the risk of this
buffer overflow - in the meantime you might want to restrict SWAT port
access via firewall rules.