Summary: | <net-fs/samba-3.4.8 Multiple vulnerabilities (CVE-2010-{1635,1642}) | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | Alex Legler (RETIRED) <a3li> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | | |
Severity: | minor | CC: | samba |
Priority: | High | | |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
URL: | http://git.samba.org/?p=samba.git;a=commit;h=25452a2268ac7013da28125f3df22085139af12d | | |
Whiteboard: | B3 [glsa] | | |
Package list: | | Runtime testing required: | --- |
Bug Depends on: | | | |
Bug Blocks: | 323785 | | |
Description
Alex Legler (RETIRED)
2010-08-10 14:58:32 UTC
CVE-2010-1642 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1642): The reply_sesssetup_and_X_spnego function in sesssetup.c in smbd in Samba before 3.4.8 and 3.5.x before 3.5.2 allows remote attackers to trigger an out-of-bounds read, and cause a denial of service (process crash), via a \xff\xff security blob length in a Session Setup AndX request.

Arches, please test and mark stable:
=net-fs/samba-3.5.4
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"

(In reply to comment #2)
> Arches, please test and mark stable:
> =net-fs/samba-3.5.4
> Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"
>

Cancel that.

Arches, please test and mark stable:
=net-fs/samba-3.4.8
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"

x86 stable

Marked ppc/ppc64 stable.

amd64 done

alpha/arm/ia64/s390/sh/sparc stable

Stable for HPPA.

GLSA with 337295.

This issue was resolved and addressed in GLSA 201206-22 at http://security.gentoo.org/glsa/glsa-201206-22.xml by GLSA coordinator Sean Amoss (ackle).
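
The class of check that the CVE-2010-1642 description above calls for, as an added example that is not Samba's code and not part of this bug report: a 16-bit security blob length taken from a Session Setup AndX request is compared with the bytes actually received before any pointer is derived from it. The function and struct names are hypothetical, the sample bytes are constructed, and the example assumes the extended-security request layout in which the length is parameter word 7 (byte offset 14).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Data section of the request, split into its two parts. */
struct sess_data {
    const uint8_t *blob;     /* security blob */
    size_t blob_len;
    const uint8_t *strings;  /* bytes that follow the blob */
    size_t strings_len;
};

/* Read a little-endian 16-bit field. */
static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/*
 * words/words_len: the 12 parameter words (24 bytes) of the request.
 * data/data_len:   the data bytes that were actually received.
 * Returns 0 on success, -1 when the declared length cannot be trusted.
 */
int split_sesssetup_data(const uint8_t *words, size_t words_len,
                         const uint8_t *data, size_t data_len,
                         struct sess_data *out)
{
    if (words_len < 24)
        return -1;
    uint16_t declared = le16(words + 14);   /* word 7: SecurityBlobLength */
    /* Rejecting an empty blob is a choice of this example. */
    if (declared == 0 || declared > data_len)
        return -1;                          /* 0xffff with a short body lands here */
    out->blob = data;
    out->blob_len = declared;
    /* Derive the tail from the validated length, never from the raw field. */
    out->strings = data + declared;
    out->strings_len = data_len - declared;
    return 0;
}

int main(void)
{
    uint8_t words[24] = {0};                          /* constructed sample */
    const uint8_t data[8] = {1, 2, 3, 4, 'U', 'n', 'x', 0};
    struct sess_data out;
    words[14] = 0xff; words[15] = 0xff;               /* declared length 65535 */
    printf("0xffff: %d\n", split_sesssetup_data(words, sizeof words, data, sizeof data, &out));
    words[14] = 4; words[15] = 0;                     /* declared length 4 */
    printf("4:      %d\n", split_sesssetup_data(words, sizeof words, data, sizeof data, &out));
    return 0;
}
```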