Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 401479 (CVE-2012-0817) - <net-fs/samba-3.6.3 : Connection Request Memory Leak Denial of Service Vulnerability (CVE-2012-0817)
Summary: <net-fs/samba-3.6.3 : Connection Request Memory Leak Denial of Service Vulner...
Status: RESOLVED FIXED
Alias: CVE-2012-0817
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal trivial (vote)
Assignee: Gentoo Security
URL: https://secunia.com/advisories/47763/
Whiteboard: ~3 [noglsa]
Keywords:
: 401481 (view as bug list)
Depends on:
Blocks:
 
Reported: 2012-01-30 11:43 UTC by Agostino Sarubbo
Modified: 2012-02-20 05:31 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2012-01-30 11:43:08 UTC 
From secunia security advisory at $URL:

Description:
The vulnerability is caused due to a memory leak error within the smbd daemon when handling connection requests and can be exploited to exhaust memory and render the service unusable.

The vulnerability is reported in versions 3.6.0 through 3.6.2.


Solution:
Update to version 3.6.3.
Comment 1 Lars Wendler (Polynomial-C) (RETIRED) gentoo-dev 2012-01-30 11:48:45 UTC 
*** Bug 401481 has been marked as a duplicate of this bug. ***
Comment 2 Patrick Lauer gentoo-dev 2012-01-30 12:21:38 UTC 
3.6.3 is in tree now.
Comment 3 Agostino Sarubbo gentoo-dev 2012-01-30 13:09:16 UTC 
Fixed, thanks
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2012-02-20 05:31:11 UTC 
CVE-2012-0817 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0817):
  Memory leak in smbd in Samba 3.6.x before 3.6.3 allows remote attackers to
  cause a denial of service (memory and CPU consumption) by making many
  connection requests.