Bug 138326 - CAN-2004-0930 Samba remote issues (CAN-2004-0882)
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: samba   
Version: 2
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Jay Fenlason
QA Contact: David Lawrence
Whiteboard: embargo=20041108:15,impact=moderate
Keywords: Security
Reported: 2004-11-08 09:29 UTC by Mark J. Cox
Modified: 2014-08-31 23:26 UTC (History)

Fixed In Version: 3.0.9-1.FC2
Doc Type: Bug Fix
Last Closed: 2005-03-14 16:10:06 UTC

Description Mark J. Cox 2004-11-08 09:29:50 UTC
Samba told us on Nov07 that Samba <3.0.8 is vulnerable to a remote
DoS.  Public on Nov08 1500 UTC

"A bug in the input validation routines used to match filename strings
containing wildcard characters may allow a user to consume more than
normal amounts of CPU cycles thus impacting the performance and
response of the server."

        CAN-2004-0930 Affects: FC2
        CAN-2004-0930 Probably Affects: FC3

(samba-3.0.8-0.pre1.3 is included in FC3 which looks vulnerable, needs
confirmation).

Embargoed (but only for a few hours).

Comment 1 Mark J. Cox 2004-11-15 09:22:08 UTC
Additionally - During a code audit, Stefan Esser discovered a buffer
overflow in Samba versions prior to 3.0.8 when handling unicode
filenames. An authenticated remote user could exploit this bug which
may lead to arbitrary code execution on the server. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CAN-2004-0882 to this issue. Red Hat believes that the
Exec-Shield technology will block attempts to remotely exploit this
vulnerability on x86 architectures.  This issue was public on 20041115.

Comment 2 Josh Bressers 2004-11-17 13:58:43 UTC
Lifting embargo.

