| Summary: | net-fs/samba-3.4.9: Remote Stack Overflow Vulnerability (CVE-2010-3069) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Tim Sammut (RETIRED) <underling> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | critical | CC: | patrick, samba |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://us1.samba.org/samba/history/samba-3.5.5.html | | |
| Whiteboard: | A1 [glsa] | | |
| Package list: | | Runtime testing required: | --- |
Description
Tim Sammut (RETIRED)
2010-09-14 15:49:14 UTC
3.5.5 is in tree

(In reply to comment #1)
> 3.5.5 is in tree

Thanks, Patrick. Are there any issues with stabilizing 3.5.5 with only 3.4.8 stable now?

3.4.9 was released as an update for the 3.4 slot as well:
http://www.samba.org/samba/history/samba-3.4.9.html

It should be the preferred stabilization target.

(In reply to comment #3)
> 3.4.9 was released as an update for the 3.4 slot as well:
> http://www.samba.org/samba/history/samba-3.4.9.html
>
> It should be the preferred stabilization target.

I'd prefer 3.5, but I just added 3.4.9 so you can have fun with it.

Arches, please test and mark stable:
=net-fs/samba-3.4.9
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"

stable x86

stable amd64

alpha/arm/ia64/s390/sh/sparc stable

Stable for HPPA.

Stable for PPC.

ppc64 stable

GLSA request filed.

CVE-2010-3069 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3069):
Stack-based buffer overflow in the (1) sid_parse and (2) dom_sid_parse functions in Samba before 3.5.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted Windows Security ID (SID) on a file share.

This issue was resolved and addressed in GLSA 201206-22 at http://security.gentoo.org/glsa/glsa-201206-22.xml by GLSA coordinator Sean Amoss (ackle).
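The CVE text above describes the bug class (a binary SID whose sub-authority count byte is trusted and used to fill a fixed-size stack array) but not the check that prevents it. The following is an added, stand-alone example written for this page; it is not Samba's sid_parse or dom_sid_parse and does not reproduce Samba's code. It assumes the standard binary SID layout (1-byte revision, 1-byte sub-authority count, 6-byte identifier authority, then 4-byte little-endian sub-authorities) and the Windows limit of 15 sub-authorities; the constant name SID_MAX_SUB_AUTHS, the function names and the sample buffers are all constructed for the example. The parser validates the count against the array size and the buffer length before copying anything, so the constructed oversized and truncated inputs are rejected instead of overrunning the stack.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Windows SIDs carry at most 15 sub-authorities (assumption for this example;
 * the array below is sized to that limit, so the count byte must be checked). */
#define SID_MAX_SUB_AUTHS 15

struct sid {
    uint8_t  revision;
    uint8_t  num_auths;
    uint8_t  id_auth[6];
    uint32_t sub_auths[SID_MAX_SUB_AUTHS];
};

/* Parse a binary SID from an untrusted buffer.
 * Returns the number of bytes consumed, or 0 on any malformed input.
 * The count byte is validated against the fixed-size array and the
 * available length BEFORE any sub-authority is copied. */
size_t sid_parse_checked(const uint8_t *buf, size_t len, struct sid *out)
{
    if (buf == NULL || out == NULL || len < 8)
        return 0;                            /* header alone needs 8 bytes */
    if (buf[0] != 1)
        return 0;                            /* only SID revision 1 exists */
    uint8_t num_auths = buf[1];
    if (num_auths > SID_MAX_SUB_AUTHS)
        return 0;                            /* the bound an unchecked parser lacks */
    size_t need = 8 + (size_t)num_auths * 4;
    if (len < need)
        return 0;                            /* truncated input, never read past it */

    memset(out, 0, sizeof *out);
    out->revision  = buf[0];
    out->num_auths = num_auths;
    memcpy(out->id_auth, buf + 2, 6);
    for (size_t i = 0; i < num_auths; i++) {
        const uint8_t *p = buf + 8 + i * 4;  /* little-endian 32-bit sub-authority */
        out->sub_auths[i] = (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
                            ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
    }
    return need;
}

/* Render a parsed SID as "S-R-I-S1-S2..."; returns chars written, -1 if truncated. */
int sid_to_string(const struct sid *s, char *dst, size_t dstlen)
{
    uint64_t ia = 0;
    for (int i = 0; i < 6; i++)
        ia = (ia << 8) | s->id_auth[i];      /* identifier authority is big-endian */
    int n = snprintf(dst, dstlen, "S-%u-%llu", (unsigned)s->revision,
                     (unsigned long long)ia);
    if (n < 0 || (size_t)n >= dstlen)
        return -1;
    for (uint8_t i = 0; i < s->num_auths; i++) {
        int m = snprintf(dst + n, dstlen - (size_t)n, "-%" PRIu32, s->sub_auths[i]);
        if (m < 0 || (size_t)m >= dstlen - (size_t)n)
            return -1;
        n += m;
    }
    return n;
}

/* Constructed sample: binary form of S-1-5-32-544 (BUILTIN\Administrators). */
static const uint8_t SAMPLE_SID[] = {0x01, 0x02, 0, 0, 0, 0, 0, 0x05,
                                     0x20, 0, 0, 0, 0x20, 0x02, 0, 0};
/* Constructed hostile input: count byte claims 200 sub-authorities. */
static const uint8_t OVERSIZED_SID[] = {0x01, 200, 0, 0, 0, 0, 0, 0x05, 0x20, 0, 0, 0};
/* Constructed truncated input: claims 2 sub-authorities but carries only one. */
static const uint8_t TRUNCATED_SID[] = {0x01, 0x02, 0, 0, 0, 0, 0, 0x05, 0x20, 0, 0, 0};

/* Parse the sample and return its text form, or "" if parsing fails. */
const char *demo_parse_sample(void)
{
    static char text[128];
    struct sid s;
    if (sid_parse_checked(SAMPLE_SID, sizeof SAMPLE_SID, &s) == 0)
        return "";
    if (sid_to_string(&s, text, sizeof text) < 0)
        return "";
    return text;
}

/* Bytes consumed for the oversized buffer; 0 means it was rejected. */
size_t demo_parse_oversized(void)
{
    struct sid s;
    return sid_parse_checked(OVERSIZED_SID, sizeof OVERSIZED_SID, &s);
}

/* Bytes consumed for the truncated buffer; 0 means it was rejected. */
size_t demo_parse_truncated(void)
{
    struct sid s;
    return sid_parse_checked(TRUNCATED_SID, sizeof TRUNCATED_SID, &s);
}

int main(void)
{
    printf("sample:    %s\n", demo_parse_sample());
    printf("oversized: %s\n", demo_parse_oversized() == 0 ? "rejected" : "accepted");
    printf("truncated: %s\n", demo_parse_truncated() == 0 ? "rejected" : "accepted");
    return 0;
}
```

The order of checks is the point: the count byte is compared with the array capacity and the declared length is compared with the bytes actually received before any copy loop runs, so a malicious count can only produce a clean parse failure rather than a write past the end of sub_auths.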