
Bug 337295 (CVE-2010-3069)

Summary: <net-fs/samba-3.4.9: Remote Stack Overflow Vulnerability (CVE-2010-3069)
Product: Gentoo Security
Reporter: Tim Sammut (RETIRED) <underling>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: critical
CC: patrick, samba
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://us1.samba.org/samba/history/samba-3.5.5.html
Whiteboard: A1 [glsa]
Package list:
Runtime testing required: ---

Description Tim Sammut (RETIRED) gentoo-dev 2010-09-14 15:49:14 UTC
From $URL:

o  CVE-2010-3069:
   All current released versions of Samba are vulnerable to
   a buffer overrun vulnerability. The sid_parse() function
   (and related dom_sid_parse() function in the source4 code)
   do not correctly check their input lengths when reading a
   binary representation of a Windows SID (Security ID). This
   allows a malicious client to send a sid that can overflow
   the stack variable that is being used to store the SID in the
   Samba smbd server.
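
The length checks the advisory says are missing, shown as an added example that is not part of the original report and is not Samba's code. The struct layout, function name and sample byte strings are assumptions constructed for illustration; the wire layout (revision, sub-authority count, 6-byte authority, little-endian 32-bit sub-authorities, at most 15 of them) is the standard binary SID format.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SID_MAX_SUB_AUTHS 15  /* capacity of sub_auths[] below */

struct sid {                  /* hypothetical in-memory form */
    uint8_t  revision, num_auths, id_auth[6];
    uint32_t sub_auths[SID_MAX_SUB_AUTHS];
};

/* Constructed samples: S-1-5-32-544, a cut-off copy, and a count of 16. */
const uint8_t sample_ok[] = {1, 2, 0,0,0,0,0,5, 0x20,0,0,0, 0x20,0x02,0,0};
const uint8_t sample_truncated[] = {1, 2, 0,0,0,0,0,5, 0x20,0,0,0};
const uint8_t sample_too_many[72] = {1, 16, 0,0,0,0,0,5};
struct sid demo_out;

/* Parse a binary SID from an untrusted buffer of len bytes.
 * Returns 0 on success, -1 if the input is malformed. Both the
 * destination capacity and the source length are checked before
 * any sub-authority is copied. */
int sid_parse_checked(const uint8_t *in, size_t len, struct sid *out)
{
    if (in == NULL || out == NULL || len < 8)
        return -1;                      /* fixed header is truncated */
    uint8_t n = in[1];
    if (n > SID_MAX_SUB_AUTHS)
        return -1;                      /* would write past sub_auths[] */
    if (len < 8 + (size_t)n * 4)
        return -1;                      /* would read past the input */
    out->revision = in[0];
    out->num_auths = n;
    for (int i = 0; i < 6; i++)
        out->id_auth[i] = in[2 + i];
    for (uint8_t i = 0; i < n; i++) {
        const uint8_t *p = in + 8 + (size_t)i * 4;
        out->sub_auths[i] = (uint32_t)p[0] | (uint32_t)p[1] << 8 |
                            (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
    }
    return 0;
}

int main(void)
{
    printf("ok=%d truncated=%d too_many=%d\n",
           sid_parse_checked(sample_ok, sizeof sample_ok, &demo_out),
           sid_parse_checked(sample_truncated, sizeof sample_truncated, &demo_out),
           sid_parse_checked(sample_too_many, sizeof sample_too_many, &demo_out));
    return 0;
}
```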
Comment 1 Patrick Lauer gentoo-dev 2010-09-14 16:46:26 UTC
3.5.5 is in tree
Comment 2 Tim Sammut (RETIRED) gentoo-dev 2010-09-14 16:52:22 UTC
(In reply to comment #1)
> 3.5.5 is in tree
> 

Thanks, Patrick. Are there any issues with stabilizing 3.5.5 with only 3.4.8 stable now?

Comment 3 Alex Legler (RETIRED) archtester gentoo-dev Security 2010-09-14 17:12:08 UTC
3.4.9 was released as an update for the 3.4 slot as well:
  http://www.samba.org/samba/history/samba-3.4.9.html

It should be the preferred stabilization target.
Comment 4 Patrick Lauer gentoo-dev 2010-09-14 21:01:15 UTC
(In reply to comment #3)
> 3.4.9 was released as an update for the 3.4 slot as well:
>   http://www.samba.org/samba/history/samba-3.4.9.html
> 
> It should be the preferred stabilization target.
> 

I'd prefer 3.5, but I just added 3.4.9 so you can have fun with it.
Comment 5 Tim Sammut (RETIRED) gentoo-dev 2010-09-14 21:34:47 UTC
Arches, please test and mark stable:
=net-fs/samba-3.4.9
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"
Comment 6 Christian Faulhammer (RETIRED) gentoo-dev 2010-09-15 14:33:01 UTC
stable x86
Comment 7 Richard Freeman gentoo-dev 2010-09-16 01:21:47 UTC
stable amd64
Comment 8 Raúl Porcel (RETIRED) gentoo-dev 2010-09-18 11:10:56 UTC
alpha/arm/ia64/s390/sh/sparc stable
Comment 9 Jeroen Roovers (RETIRED) gentoo-dev 2010-09-19 04:47:04 UTC
Stable for HPPA.
Comment 10 Jeroen Roovers (RETIRED) gentoo-dev 2010-09-19 16:14:09 UTC
Stable for PPC.
Comment 11 Mark Loeser (RETIRED) gentoo-dev 2010-10-24 16:42:27 UTC
ppc64 stable
Comment 12 Tim Sammut (RETIRED) gentoo-dev 2010-10-24 16:54:15 UTC
GLSA request filed.
Comment 13 GLSAMaker/CVETool Bot gentoo-dev 2011-06-24 00:20:51 UTC
CVE-2010-3069 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3069):
  Stack-based buffer overflow in the (1) sid_parse and (2) dom_sid_parse
  functions in Samba before 3.5.5 allows remote attackers to cause a denial of
  service (crash) and possibly execute arbitrary code via a crafted Windows
  Security ID (SID) on a file share.
Comment 14 GLSAMaker/CVETool Bot gentoo-dev 2012-06-24 13:05:19 UTC
This issue was resolved and addressed in
 GLSA 201206-22 at http://security.gentoo.org/glsa/glsa-201206-22.xml
by GLSA coordinator Sean Amoss (ackle).