Bug 138326 - CAN-2004-0930 Samba remote issues (CAN-2004-0882)
Product: Fedora
Classification: Fedora
Component: samba
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Assigned To: Jay Fenlason
QA Contact: David Lawrence
Keywords: Security
Reported: 2004-11-08 04:29 EST by Mark J. Cox
Modified: 2014-08-31 19:26 EDT (History)
Fixed In Version: 3.0.9-1.FC2
Doc Type: Bug Fix
Last Closed: 2005-03-14 11:10:06 EST
Description Mark J. Cox 2004-11-08 04:29:50 EST
Samba told us on Nov07 that Samba <3.0.8 is vulnerable to a remote
DoS.  Public on Nov08 1500 UTC

"A bug in the input validation routines used to match filename strings
containing wildcard characters may allow a user to consume more than
normal amounts of CPU cycles thus impacting the performance and
response of the server."

        CAN-2004-0930 Affects: FC2
        CAN-2004-0930 Probably Affects: FC3

(samba-3.0.8-0.pre1.3 is included in FC3 which looks vulnerable, needs

Embargoed (but only for a few hours).
Comment 1 Mark J. Cox 2004-11-15 04:22:08 EST
Additionally - During a code audit, Stefan Esser discovered a buffer
overflow in Samba versions prior to 3.0.8 when handling unicode
filenames. An authenticated remote user could exploit this bug which
may lead to arbitrary code execution on the server. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CAN-2004-0882 to this issue. Red Hat believes that the
Exec-Shield technology will block attempts to remotely exploit this
vulnerability on x86 architectures.  This issue was public on 20041115.
Comment 2 Josh Bressers 2004-11-17 08:58:43 EST
Lifting embargo.
