From $URL: o CVE-2010-3069: All current released versions of Samba are vulnerable to a buffer overrun vulnerability. The sid_parse() function (and related dom_sid_parse() function in the source4 code) do not correctly check their input lengths when reading a binary representation of a Windows SID (Security ID). This allows a malicious client to send a sid that can overflow the stack variable that is being used to store the SID in the Samba smbd server.
3.5.5 is in tree
(In reply to comment #1) > 3.5.5 is in tree > Thanks, Patrick. Are there any issues with stabilizing 3.5.5 with only 3.4.8 stable now?
3.4.9 was released as an update for the 3.4 slot as well: http://www.samba.org/samba/history/samba-3.4.9.html It should be the preferred stabilization target.
(In reply to comment #3) > 3.4.9 was released as an update for the 3.4 slot as well: > http://www.samba.org/samba/history/samba-3.4.9.html > > It should be the preferred stabilization target. > I'd prefer 3.5, but I just added 3.4.9 so you can have fun with it.
Arches, please test and mark stable: =net-fs/samba-3.4.9 Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"
stable x86
stable amd64
alpha/arm/ia64/s390/sh/sparc stable
Stable for HPPA.
Stable for PPC.
ppc64 stable
GLSA request filed.
CVE-2010-3069 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3069): Stack-based buffer overflow in the (1) sid_parse and (2) dom_sid_parse functions in Samba before 3.5.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted Windows Security ID (SID) on a file share.
This issue was resolved and addressed in GLSA 201206-22 at http://security.gentoo.org/glsa/glsa-201206-22.xml by GLSA coordinator Sean Amoss (ackle).