Summary: | <net-fs/samba-3.6.24: Multiple vulnerabilities (CVE-2014-{0244,3493}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Kristian Fiskerstrand (RETIRED) <k_f> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | kroemmelbein, samba |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.samba.org/samba/security/CVE-2014-3493 | ||
Whiteboard: | A3 [glsa] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | |||
Bug Blocks: | 511764 |
Description
Kristian Fiskerstrand (RETIRED)
The following advisory was also posted http://www.samba.org/samba/security/CVE-2014-0244 :

===========
Description
===========

All current released versions of Samba are vulnerable to a denial of service on the nmbd NetBIOS name services daemon. A malformed packet can cause the nmbd server to loop the CPU and prevent any further NetBIOS name service.

This flaw is not exploitable beyond causing the code to loop expending CPU resources.

==================
Patch Availability
==================

A patch addressing this defect has been posted to

http://www.samba.org/samba/security/

Additionally, Samba 4.1.9, 4.0.19 and 3.6.24 have been issued as security releases to correct the defect. Patches against older Samba versions are available at http://samba.org/samba/patches/. Samba vendors and administrators running affected versions are advised to upgrade or apply the patch as soon as possible.

==========
Workaround
==========

None.

=======
Credits
=======

This problem was found by a Red Hat user and analyzed by Stefan Cornelius <scorneli@redhat.com>. Jeremy Allison of Google provided the Samba code fix for nmbd.

@maintainers: Please advise once the updated packages are in the tree and available for stabilization.

CVE-2014-0244 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0244): The sys_recvfrom function in nmbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed UDP packet.

CVE-2014-3493 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3493): The push_ascii function in smbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote authenticated users to cause a denial of service (memory corruption and daemon crash) via an attempt to read a Unicode pathname without specifying use of Unicode, leading to a character-set conversion failure that triggers an invalid pointer dereference.
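The version ranges named in the two CVE entries above, turned into a triage check over a host inventory. This is an added example, not part of the bug report or of Samba's code; the host names and inventory strings are constructed, and the function names are hypothetical.

```python
import re

# First fixed patch level per branch, taken from the CVE text in this bug.
FIXED = {(3, 6): 24, (4, 0): 19, (4, 1): 9}

# Exactly three dotted numeric components, e.g. inside "Version 3.6.23"
# or "net-fs/samba-3.6.23-r1"; four-part strings are rejected, not guessed.
_VER = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)(?![\d.])")


def parse_version(text):
    """Return (major, minor, patch) from a version-bearing string, or None."""
    m = _VER.search(text)
    return tuple(int(g) for g in m.groups()) if m else None


def classify(text):
    """Classify one version string against CVE-2014-0244 / CVE-2014-3493.

    Returns 'affected', 'fixed', 'unlisted' or 'unparsed'. 'unlisted' means
    the branch is not one of the three ranges named in the CVE text, so this
    check cannot decide and the vendor advisory has to be consulted.
    """
    ver = parse_version(text)
    if ver is None:
        return "unparsed"
    major, minor, patch = ver
    first_fixed = FIXED.get((major, minor))
    if first_fixed is None:
        return "unlisted"
    return "affected" if patch < first_fixed else "fixed"


def triage(inventory):
    """Map host -> status for a {host: version string} inventory."""
    return {host: classify(v) for host, v in inventory.items()}


if __name__ == "__main__":
    # Constructed inventory, as might be gathered from `smbd --version`
    # output or package listings.
    sample = {
        "fs1": "Version 3.6.23",
        "fs2": "net-fs/samba-3.6.24",
        "fs3": "Version 4.1.8",
        "fs4": "samba-4.0.19-r1",
        "fs5": "Version 3.5.22",
    }
    for host, status in sorted(triage(sample).items()):
        print(host, status)
```

A version-string match is only a first pass: distributions that backport the fix without changing the upstream version will show as 'affected' here and need a changelog check.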
*** Bug 531548 has been marked as a duplicate of this bug. ***

Maintainers, may we proceed with stabilization of =net-fs/samba-3.6.24 ?

Arches please test and mark stable =net-fs/samba-3.6.24 with target KEYWORDS: alpha amd64 arm hppa ia64 ~mips ppc ppc64 sparc x86 ~amd64-fbsd ~x86-fbsd ~arm-linux ~x86-linux

Stable for HPPA.

amd64 stable

x86 stable

alpha stable

arm stable

ppc stable

ppc64 stable

ia64 stable

sparc stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one.

Added to existing GLSA request.

Vulnerable versions are either dropped or masked

This issue was resolved and addressed in GLSA 201502-15 at http://security.gentoo.org/glsa/glsa-201502-15.xml by GLSA coordinator Kristian Fiskerstrand (K_F).