Summary: | <net-fs/samba-{3.5.22, 3.6.19, 4.0.8}: Packet Handling Denial of Service Vulnerability (CVE-2013-4124) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | samba |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://secunia.com/advisories/54347/ | ||
Whiteboard: | B3 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Agostino Sarubbo
2013-08-05 20:29:55 UTC
We have a public exploit now: http://www.1337day.com/exploit/21146 CVE-2013-4124 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4124): Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet. Ebuilds are in tree @samba: please tell us explicitly if they are ready for stabilization Maintainer timeout. Arches, please test and stabilize: =net-fs/samba-3.5.22 Target arches: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86 =net-fs/samba-3.6.19 Target arches: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86 (4.0.8 ~ and masked, so we don't need to do anything there) amd64 stable x86 stable Stable for HPPA. arm stable ppc stable alpha stable ia64 stable ppc64 stable sparc stable Maintainers, please clean up vulnerable versions of: net-fs/samba Thank you. Ping! Maintainer(s), please drop the vulnerable version. 3.5.21 still in tree (only one left from this vulnerability) Maintainer(s), Thank you for cleanup! Added to an existing GLSA request. This issue was resolved and addressed in GLSA 201502-15 at http://security.gentoo.org/glsa/glsa-201502-15.xml by GLSA coordinator Kristian Fiskerstrand (K_F). |