165549 – net-fs/samba multiple vulnerabilities (CVE-2007-045[234])

Bug 165549 - net-fs/samba multiple vulnerabilities (CVE-2007-045[234])

Summary: net-fs/samba multiple vulnerabilities (CVE-2007-045[234])

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High major (vote)
Assignee:	Gentoo Security

URL:	http://www.securityfocus.com/bid/2239...
Whiteboard:	B/C1 [glsa] Falco
Keywords:

Duplicates (2):	165544 165585 (view as bug list)
Depends on:
Blocks:

Reported:	2007-02-06 02:46 UTC by Executioner
Modified:	2007-05-13 06:48 UTC (History)
CC List:	5 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Executioner 2007-02-06 02:46:11 UTC

The smbd daemon is prone to a denial-of-service vulnerability.

An attacker can exploit this issue to consume excessive memory resources, ultimately crashing the affected application.

Reproducible: Always




http://www.securityfocus.com/archive/1/459167
http://www.securityfocus.com/archive/1/459181

Comment 1 Jakub Moc (RETIRED) gentoo-dev

2007-02-06 07:38:36 UTC

*** Bug 165544 has been marked as a duplicate of this bug. ***

Comment 2 Tiziano Müller (RETIRED) gentoo-dev

2007-02-06 09:38:44 UTC

From the samba-page:

Samba 3.0.24 is available for general download. This is a security release which addresses CVE-2007-0452, CVE-2007-0453, and CVE-2007-0454.

Tests succeeded as non-root. Retrying now as root.

Comment 3 Jakub Moc (RETIRED) gentoo-dev

2007-02-06 10:03:39 UTC

*** Bug 165585 has been marked as a duplicate of this bug. ***

Comment 4 Tiziano Müller (RETIRED) gentoo-dev

2007-02-06 11:02:46 UTC

Version bump committed (all tests passed, works here).
Security: It's probably your turn now.

Comment 5 Doug Goldstein (RETIRED) gentoo-dev

2007-02-06 16:33:11 UTC

Works for me on x86 and amd64.

Comment 6 Raphael Marichez (Falco) (RETIRED) gentoo-dev

2007-02-06 17:00:28 UTC

thanks everybody.

arches, please test and mark stable if appropriate:


net-fs/samba-3.0.24

Comment 7 Gustavo Zacarias (RETIRED) gentoo-dev

2007-02-06 18:51:37 UTC

sparc stable.

Comment 8 Markus Rothe (RETIRED) gentoo-dev

2007-02-06 19:42:58 UTC

ppc64 stable

Comment 9 Raúl Porcel (RETIRED) gentoo-dev

2007-02-06 20:16:24 UTC

x86 stable

Comment 10 Tobias Scherbaum (RETIRED) gentoo-dev

2007-02-06 20:44:42 UTC

ppc stable

Comment 11 Simon Stelling (RETIRED) gentoo-dev

2007-02-06 20:58:21 UTC

amd64 stable

Comment 12 Jeroen Roovers (RETIRED) gentoo-dev

2007-02-07 01:42:43 UTC

Stable for HPPA.

Comment 13 Alexander Færøy 2007-02-08 09:26:40 UTC

Stable on Alpha.

Comment 14 Raphael Marichez (Falco) (RETIRED) gentoo-dev

2007-02-09 15:08:48 UTC

thanks

Comment 15 Alexander Færøy 2007-02-11 13:14:36 UTC

Stable on IA64.

Comment 16 Raphael Marichez (Falco) (RETIRED) gentoo-dev

2007-02-13 23:55:26 UTC

GLSA 200702-01, thanks to everybody. MIPS, don't forget to mark stable.

Comment 17 Joshua Kinard gentoo-dev

2007-05-13 06:48:55 UTC

mips stable.