Red Hat Bugzilla – Bug 138325
CAN-2004-0930 wildcard remote DoS
Last modified: 2014-08-31 19:26:50 EDT
Samba told us on Nov07 that Samba <3.0.8 is vulnerable to a remote
DoS. Public on Nov08 1500 UTC.
"A bug in the input validation routines used to match filename strings
containing wildcard characters may allow a user to consume more than
normal amounts of CPU cycles thus impacting the performance and
response of the server."
CAN-2004-0930 Affects: RHEL3
Embargoed (but only for a few hours).
Created attachment 106271
Proposed patch from Samba
I'll set this as impact "moderate" as it requires an authenticated
Samba user to cause the DoS.
This issue does appear to affect RHEL2.1 after all.
An errata has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.