Samba told us on Nov07 that Samba <3.0.8 is vulnerable to a remote DoS. Public on Nov08 1500 UTC "A bug in the input validation routines used to match filename strings containing wildcard characters may allow a user to consume more than normal amounts of CPU cycles thus impacting the performance and response of the server." CAN-2004-0930 Affects: FC2 CAN-2004-0930 Probably Affects: FC3 (samba-3.0.8-0.pre1.3 is included in FC3 which looks vulnerable, needs confirmation). Embargoed (but only for a few hours).
Additionally - During a code audit, Stefan Esser discovered a buffer overflow in Samba versions prior to 3.0.8 when handling unicode filenames. An authenticated remote user could exploit this bug which may lead to arbitrary code execution on the server. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0882 to this issue. Red Hat believes that the Exec-Shield technology will block attempts to remotely exploit this vulnerability on x86 architectures. This issue was public on 20041115.
Lifting embargo.