Red Hat alert RHSA-2004:404-01 gives a reference to samba-2.2.10-1.21as.1.src.rpm sources with fixed a buffer overflow in the code used to support the 'mangling method = hash' smb.conf option. It looks that the same fix will apply to samba-2.2.7-3.7.3.src.rpm from RH7.3 updates and samba-2.2.7a-8.9.0.src.rpm from RH9 updates. I really have no good way to check myself bug samba-2.2.10-1.21as.1.src.rpm package rebuilds on RH7.3 without any fuss. ------- Additional Comments From v 2004-07-30 06:01:15 ---- FWIW, I took the samba-2.2.7-can-2004-0686.patch.bz2 from ftp://ftp.sunet.se/pub/Linux/distributions/mandrakelinux/official/updates/ corporate/2.1/SRPMS/samba-2.2.7a-10.2.C21mdk.src.rpm and applied it to the redhat samba-2.2.7-5.8.0.src.rpm I've been patching along. There was minor offset with the patch, but it compiles and seems to work. BTW, any idea why Fedora Core is not releasing this fix to samba? ------- Additional Comments From v 2004-07-30 06:06:30 ---- Clarification: the original src.rpm is http://updates.redhat.com/8.0/en/os/SRPMS/samba-2.2.7-5.8.0 .src.rpm and I compiled it on RH7.1 (somewhat patched towards RH72/RH73). If samba-2.2.10-1.21as.1.src.rpm is available for download somwhere I can try to compile it. ------- Additional Comments From michal 2004-07-30 07:14:10 ---- > If samba-2.2.10-1.21as.1.src.rpm is available for download somwhere ... Sure. Many mirrors all over the place. For example here: ftp://mirrors.kernel.org/redhat/redhat/linux/updates/enterprise/2.1AS/en/os/SRPMS/ but this is far from the only option. ------- Additional Comments From v 2004-07-30 08:40:38 ---- Oh yeah, I forgot that the RHEL srpm's are available (whereas I gather .i386. rpm's are not.) Anyway, FWIW samba-2.2.10-1.21as.1.src.rpm compiles quite fine on an RH7.1 box (slightly patched towards RH7.2/RH7.3) with gcc-2.96-112.7.1. I would expect it to do so on RH7.3 proper, too. ------- Additional Comments From hjp+bugzilla-fedora-legacy.at 2004-08-04 22:13:11 ---- I have also rebuilt samba-2.2.10-1.21as.1.src.rpm for RH 7.3 (and 6.2 with minor changes to the spec file). After running it for a week on several production servers with 100+ users, no ill effects could be observed. So I'd vote to release that. ------- Additional Comments From marcdeslauriers 2004-08-05 13:04:41 ---- *** Bug 1946 has been marked as a duplicate of this bug. *** ------- Additional Comments From marcdeslauriers 2004-08-05 14:52:49 ---- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Here are updated samba packages for 7.3 and 9. Changelog: * Thu Aug 05 2004 Marc Deslauriers <marcdeslauriers> 2.2.10-0.90.1.legacy - - Upgrade to 2.2.10 to fix CAN-2004-0686 7.3: f6b4ce1ab96507aec1fd5509c46b0c7b933ab9e7 samba-2.2.10-0.73.1.legacy.i386.rpm 8f8ba6939859961fdc0fd24564a2f9c9371467d8 samba-2.2.10-0.73.1.legacy.src.rpm eeaac49c1622b9a2fa4fd220e42c4c49d7ccc9c8 samba-client-2.2.10-0.73.1.legacy.i386.rpm 5a34f7b3c8fbb7ea8f3768df6e68645178b21770 samba-common-2.2.10-0.73.1.legacy.i386.rpm 7e8e1ed6d5049251128131c018dd9e4c90aadd05 samba-swat-2.2.10-0.73.1.legacy.i386.rpm 9: e1be89eff808fdb7a68b7c40f0c49c57182ba730 samba-2.2.10-0.90.1.legacy.i386.rpm 56723207697e788c3a0ce166d7c7baa603fceef7 samba-2.2.10-0.90.1.legacy.src.rpm ac77b5b64ee41803e998480d2e95c97efce27e0a samba-client-2.2.10-0.90.1.legacy.i386.rpm 02435f49a8be2bf649d1fd78d999f5832d5a1d1b samba-common-2.2.10-0.90.1.legacy.i386.rpm 1e0a513402ccca5d916cb7c57a35de093c488e6a samba-swat-2.2.10-0.90.1.legacy.i386.rpm http://www.infostrategique.com/linuxrpms/legacy/7.3/samba-2.2.10-0.73.1.legacy.i386.rpm http://www.infostrategique.com/linuxrpms/legacy/7.3/samba-2.2.10-0.73.1.legacy.src.rpm http://www.infostrategique.com/linuxrpms/legacy/7.3/samba-client-2.2.10-0.73.1.legacy.i386.rpm http://www.infostrategique.com/linuxrpms/legacy/7.3/samba-common-2.2.10-0.73.1.legacy.i386.rpm http://www.infostrategique.com/linuxrpms/legacy/7.3/samba-swat-2.2.10-0.73.1.legacy.i386.rpm http://www.infostrategique.com/linuxrpms/legacy/9/samba-2.2.10-0.90.1.legacy.i386.rpm http://www.infostrategique.com/linuxrpms/legacy/9/samba-2.2.10-0.90.1.legacy.src.rpm http://www.infostrategique.com/linuxrpms/legacy/9/samba-client-2.2.10-0.90.1.legacy.i386.rpm http://www.infostrategique.com/linuxrpms/legacy/9/samba-common-2.2.10-0.90.1.legacy.i386.rpm http://www.infostrategique.com/linuxrpms/legacy/9/samba-swat-2.2.10-0.90.1.legacy.i386.rpm -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFBEtYtLMAs/0C4zNoRAqgDAKCVJ4ndJ3KWSl3xhcpKUDP44oN1igCfZJ4J /hNrwRjts+fynEOT/TdC9zM= =8qUv -----END PGP SIGNATURE----- ------- Additional Comments From ckelley 2004-09-02 04:29:16 ---- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 8f8ba6939859961fdc0fd24564a2f9c9371467d8 samba-2.2.10-0.73.1.legacy.src.rpm Package built and installed just fine. I ran through various smbclient test commands without issue. I tested it on two boxes; one as a member of an NT4 domain, and the other standalone. Shares behaved normally on both. Everything looks good; PUBLISH -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFBNy4pyQ+yTHz+jJkRApB2AJ0dWmpixX/+rzDnhgjGmZDUOz+hBgCfQWTd CJ+URPm2POyN5gJBXns35RY= =E6XZ -----END PGP SIGNATURE----- ------- Additional Comments From simon 2004-09-09 11:12:01 ---- Have we had a look at this one yet? http://www.securityfocus.com/archive/1/373619 A remote authenticated user can cause smbd to crash. The vendor reported that a remote authenticated user can send a FindNextPrintChangeNotify() request without having previously sent a corresponding FindFirstPrintChangeNotify() requeste to cause smbd to crash. This behavior can be triggered by a Windows XP SP2 client. The flaw resides in printer_notify_info() in 'rpc_server/srv_spoolss_nt.c'. I know I should really download the src.rpm and look at the patch list, but I thought it might be faster if someone who is familar with the build addresses this. - Si ------- Additional Comments From marcdeslauriers 2004-09-09 17:22:00 ---- See bug 2057 for the new vulnerability. This bug has been superseded by bug 2057. ------- Bug moved to this database by dkl 2005-03-30 18:26 ------- This bug previously known as bug 1924 at https://bugzilla.fedora.us/ https://bugzilla.fedora.us/show_bug.cgi?id=1924 Originally filed under the Fedora Legacy product and Package request component. Unknown priority P2. Setting to default priority "normal". Unknown platform PC. Setting to default platform "All". Setting qa contact to the default for this product. This bug either had no qa contact or an invalid one.