An array indexing error, leading to a stack-based buffer overflow, was found in the way the Samba suite processed Security Identifiers (SIDs) with a specially-crafted value of a certain field. A remote, unauthenticated user could prepare and send a specially-crafted SID record during the subject identification phase, leading to denial of service (smbd daemon crash) or, potentially, arbitrary code execution with the privileges of the user running the smbd server.
This issue affects the versions of the samba package, as shipped with Red Hat Enterprise Linux 3, 4, and 5.
This issue affects the version of the samba3x package, as shipped with Red Hat Enterprise Linux 5.
--
This issue affects the versions of the samba package, as shipped with Fedora releases 12 and 13.
The CVE identifier of CVE-2010-3069 has been assigned to this issue.
Public now via: http://samba.org/samba/security/CVE-2010-3069.html
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 3
  Red Hat Enterprise Linux 4
  Red Hat Enterprise Linux 4.7 Z Stream
  Red Hat Enterprise Linux 5
  Red Hat Enterprise Linux 5.3.Z - Server Only
  Red Hat Enterprise Linux 5.4.Z - Server Only

Via RHSA-2010:0697 https://rhn.redhat.com/errata/RHSA-2010-0697.html

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 5

Via RHSA-2010:0698 https://rhn.redhat.com/errata/RHSA-2010-0698.html

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2010:0860 https://rhn.redhat.com/errata/RHSA-2010-0860.html