
Bug 357061

Summary: <net-fs/samba-3.5.7, <net-fs/samba-3.4.12 Denial of service - memory corruption (CVE-2011-0719)
Product: Gentoo Security
Reporter: Mike Limansky <limanski>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED DUPLICATE    
Severity: major    
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://samba.org/samba/latest_news.html#3.5.7
Whiteboard:
Package list:
Runtime testing required: ---

Description Mike Limansky 2011-03-02 07:29:17 UTC
CVE-2011-0719 (http://www.samba.org/samba/security/CVE-2011-0719):

All current released versions of Samba are vulnerable to
a denial of service caused by memory corruption. Range
checks on file descriptors being used in the FD_SET macro
were not present allowing stack corruption. This can cause
the Samba code to crash or to loop attempting to select
on a bad file descriptor set.

A connection to a file share, or a local account is needed
to exploit this problem, either authenticated or unauthenticated
(guest connection).

Currently we do not believe this flaw is exploitable
beyond a crash or causing the code to loop, but on the
advice of our security reviewers we are releasing fixes
in case an exploit is discovered at a later date.


The fix is available both for 3.5 and 3.4 branches (http://samba.org/samba/latest_news.html#3.5.7)

Reproducible: Always

Steps to Reproduce:
Comment 1 Tim Sammut (RETIRED) gentoo-dev 2011-03-02 07:33:17 UTC
Thank you for the report. Bug 356917 has been created for this issue.

*** This bug has been marked as a duplicate of bug 356917 ***