Bug 138326 - CAN-2004-0930 Samba remote issues (CAN-2004-0882)
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: samba
Version: 2
Hardware: All Linux
Priority: medium, Severity: medium
Assigned To: Jay Fenlason
David Lawrence
embargo=20041108:15,impact=moderate
Keywords: Security
Reported: 2004-11-08 04:29 EST by Mark J. Cox (Product Security)
Modified: 2014-08-31 19:26 EDT (History)
Fixed In Version: 3.0.9-1.FC2
Doc Type: Bug Fix
Last Closed: 2005-03-14 11:10:06 EST

Description Mark J. Cox (Product Security) 2004-11-08 04:29:50 EST
Samba told us on Nov07 that Samba <3.0.8 is vulnerable to a remote
DoS.  Public on Nov08 1500 UTC

"A bug in the input validation routines used to match filename strings
containing wildcard characters may allow a user to consume more than
normal amounts of CPU cycles thus impacting the performance and
response of the server."

        CAN-2004-0930 Affects: FC2
        CAN-2004-0930 Probably Affects: FC3

(samba-3.0.8-0.pre1.3 is included in FC3 which looks vulnerable, needs
confirmation).

Embargoed (but only for a few hours).
Comment 1 Mark J. Cox (Product Security) 2004-11-15 04:22:08 EST
Additionally - During a code audit, Stefan Esser discovered a buffer
overflow in Samba versions prior to 3.0.8 when handling unicode
filenames. An authenticated remote user could exploit this bug which
may lead to arbitrary code execution on the server. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CAN-2004-0882 to this issue. Red Hat believes that the
Exec-Shield technology will block attempts to remotely exploit this
vulnerability on x86 architectures.  This issue was public on 20041115.
Comment 2 Josh Bressers 2004-11-17 08:58:43 EST
Lifting embargo.
