Bug 401479 (CVE-2012-0817)

Summary:	<net-fs/samba-3.6.3 : Connection Request Memory Leak Denial of Service Vulnerability (CVE-2012-0817)
Product:	Gentoo Security	Reporter:	Agostino Sarubbo <ago>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	trivial	CC:	kilburna, patrick, samba
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	https://secunia.com/advisories/47763/
Whiteboard:	~3 [noglsa]
Package list:		Runtime testing required:	---

Description Agostino Sarubbo gentoo-dev

2012-01-30 11:43:08 UTC

From secunia security advisory at $URL:

Description:
The vulnerability is caused due to a memory leak error within the smbd daemon when handling connection requests and can be exploited to exhaust memory and render the service unusable.

The vulnerability is reported in versions 3.6.0 through 3.6.2.


Solution:
Update to version 3.6.3.

Comment 1 Lars Wendler (Polynomial-C) (RETIRED) gentoo-dev

2012-01-30 11:48:45 UTC

*** Bug 401481 has been marked as a duplicate of this bug. ***

Comment 2 Patrick Lauer gentoo-dev

2012-01-30 12:21:38 UTC

3.6.3 is in tree now.

Comment 3 Agostino Sarubbo gentoo-dev

2012-01-30 13:09:16 UTC

Fixed, thanks

Comment 4 GLSAMaker/CVETool Bot gentoo-dev

2012-02-20 05:31:11 UTC

CVE-2012-0817 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0817):
  Memory leak in smbd in Samba 3.6.x before 3.6.3 allows remote attackers to
  cause a denial of service (memory and CPU consumption) by making many
  connection requests.