An integer overflow flaw was found in the way samba read an EA list provided by the client. A malicious client could send a specially crafted EA list that wraps perfectly on a 32-bit boundary, causing the server to loop and re-process the list. This can cause Denial of Service via memory exhaustion. Reference: https://bugzilla.samba.org/show_bug.cgi?id=10010 (curently private)
Support for Extended Attributes (EA) is disabled by default in the versions of samba package shipped with Red Hat Enterprise Linux 5 and 6. As per the smb(5) man page: " This boolean parameter controls whether smbd(8) will allow clients to attempt to store OS/2 style Extended attributes on a share. In order to enable this parameter the underlying filesystem exported by the share must support extended attributes (such as provided on XFS and EXT3 on Linux, with the correct kernel patches). On Linux the filesystem must have been mounted with the mount option user_xattr in order for extended attributes to work, also extended attributes must be compiled into the Linux kernel. Default: ea support = no "
External References: http://www.samba.org/samba/security/
Upstream patches: http://gitweb.samba.org/?p=samba.git;a=commitdiff;h=b4bfcdf921aeee05c4608d7b48618fdfb1f134dc (against v4.0.7) http://gitweb.samba.org/?p=samba.git;a=commitdiff;h=efdbcabbe97a594572d71d714d258a5854c5d8ce (against v3.6.16) http://gitweb.samba.org/?p=samba.git;a=commitdiff;h=6ef0e33fe8afa0ebb81652b9d42b42d20efadf04 (against v3.5.21)
Created samba tracking bugs for this issue: Affects: fedora-all [bug 993043]
Other references: http://www.samba.org/samba/history/samba-3.5.22.html http://www.samba.org/samba/history/samba-3.6.17.html http://www.samba.org/samba/history/samba-4.0.8.html
samba-4.0.8-1.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
samba-4.0.8-1.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.
Hello, Want to know whether this patch is released for version 3.0.33 or do we need to wait for the fix . Thank you
The paranoia checks are still present in 3.0.33.
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2013:1310 https://rhn.redhat.com/errata/RHSA-2013-1310.html
Statement: (none)
Hello All, Is there any ETA for the update to Version of Samba-3.0.33-3.39_el5_8 . Thanks in advance. Thank you, Nandan
This issue has been addressed in following products: Red Hat Enterprise Linux 6 Via RHSA-2013:1542 https://rhn.redhat.com/errata/RHSA-2013-1542.html
This issue has been addressed in following products: Red Hat Enterprise Linux 6 Via RHSA-2013:1543 https://rhn.redhat.com/errata/RHSA-2013-1543.html
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2014:0305 https://rhn.redhat.com/errata/RHSA-2014-0305.html