Alin Rad Pop of Secunia Research discovered a heap-based buffer overflow flaw in
the Samba client library. A boundary error in the receive_smb_raw() function
could allow an overly large SMB packet to execute arbitrary code as the user
running the client.
Red Hat would like to thank Alin Rad Pop of Secunia Research for responsibly disclosing this issue.
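The class of boundary check whose absence is described above, as an added example (not Samba's code and not the attached patch). The function names, the 16-byte buffer and the 4-byte header layout (one type byte followed by a big-endian length) are assumptions made for illustration; the input arrays are constructed stand-ins for socket data.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HDR_LEN 4 /* assumed framing: 1 type byte + 3 length bytes */

/* Payload length declared by the sender in the header (17 bits here). */
static size_t declared_len(const uint8_t *hdr)
{
    return ((size_t)(hdr[1] & 0x01) << 16) | ((size_t)hdr[2] << 8) | hdr[3];
}

/*
 * Copy one framed packet from `in` into the caller's buffer `buf`.
 * Returns the number of bytes stored, or -1 if the packet is rejected.
 */
long read_packet_checked(const uint8_t *in, size_t in_len,
                         uint8_t *buf, size_t buflen)
{
    size_t len;

    if (in_len < HDR_LEN || buflen < HDR_LEN)
        return -1;
    len = declared_len(in);
    /* Boundary check: the sender-controlled length must fit the buffer.
       Compared against a difference so the sum cannot wrap. */
    if (len > buflen - HDR_LEN)
        return -1;
    /* Truncated input: the header promises more than was received. */
    if (len > in_len - HDR_LEN)
        return -1;
    memcpy(buf, in, HDR_LEN + len);
    return (long)(HDR_LEN + len);
}

int main(void)
{
    uint8_t buf[16];
    const uint8_t ok[]  = {0x00, 0x00, 0x00, 0x03, 'a', 'b', 'c'}; /* constructed */
    const uint8_t big[] = {0x00, 0x01, 0xff, 0xff};                /* constructed */

    printf("fits: %ld\n", read_packet_checked(ok, sizeof ok, buf, sizeof buf));
    printf("oversized: %ld\n", read_packet_checked(big, sizeof big, buf, sizeof buf));
    return 0;
}
```

The receive routine takes the destination size as a parameter, so the length field from the wire is never trusted on its own.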
Created attachment 305534
Proposed upstream patch for Samba 3.0
Created attachment 305636
Updated upstream patch for Samba 3.0
Corrects the comment in lib/util_sock.c to remove the incorrect function
contract description. No other functional change to the previous patch.
Public now, lifting embargo:
samba-3.2.0-1.rc1.14.fc9 has been submitted as an update for Fedora 9
Upstream released samba 3.0.30 to address this flaw:
samba-3.0.30-0.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
samba-3.2.0-1.rc1.14.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
samba-3.0.28a-1.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
This issue was addressed in:
Red Hat Enterprise Linux: