198297 – CVE-2006-3403 Samba denial of service

Bug 198297 - CVE-2006-3403 Samba denial of service

Summary: CVE-2006-3403 Samba denial of service

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	samba
Sub Component:
Version:	5
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	high
Target Milestone:	---
Assignee:	Simo Sorce
QA Contact:	David Lawrence
Docs Contact:
URL:
Whiteboard:	source=vendorsec,reported=20060705,em...
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2006-07-10 21:20 UTC by Josh Bressers
Modified:	2007-11-30 22:11 UTC (History)
CC List:	2 users (show)
Fixed In Version:	3.0.24-1.fc5
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2007-03-15 14:46:41 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Josh Bressers 2006-07-10 21:20:45 UTC

+++ This bug was initially created as a clone of Bug #197836 +++

Samba denial of service

Upstream alerted us to a denial of service bug in Samba.

Here is the description from the mail:

"""
We've got a small anonymous DoS against Samba 3.0.1 - 3.0.22
inclusive.  The bug is caused by continually increasing
the size of an array which maintains state information about
the number of active share connections.  The result is that
an attacker could cause a single smbd to bloat exhausting
the memory on a server.
"""

-- Additional comment from bressers on 2006-07-06 14:30 EST --
Created an attachment (id=132013)
Patch from upstream


-- Additional comment from bressers on 2006-07-10 17:18 EST --
Lifting embargo:
http://samba.org/samba/security/CAN-2006-3403.html

Comment 1 Fedora Update System 2006-07-15 00:54:45 UTC

samba-3.0.23-1.fc4 has been pushed for fc4, which should resolve this issue.  If these problems are still present in this version, then please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.