Bug 357061 - <net-fs/samba-3.5.7, <net-fs/samba-3.4.12 Denial of service - memory corruption (CVE-2011-0719)
Status: RESOLVED DUPLICATE of bug 356917
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High major
Assignee: Gentoo Security
URL: http://samba.org/samba/latest_news.ht...
Reported: 2011-03-02 07:29 UTC by Mike Limansky
Modified: 2011-10-30 22:39 UTC
Description Mike Limansky 2011-03-02 07:29:17 UTC
CVE-2011-0719 (http://www.samba.org/samba/security/CVE-2011-0719):

All current released versions of Samba are vulnerable to
a denial of service caused by memory corruption. Range
checks on file descriptors being used in the FD_SET macro
were not present allowing stack corruption. This can cause
the Samba code to crash or to loop attempting to select
on a bad file descriptor set.

A connection to a file share, or a local account is needed
to exploit this problem, either authenticated or unauthenticated
(guest connection).

Currently we do not believe this flaw is exploitable
beyond a crash or causing the code to loop, but on the
advice of our security reviewers we are releasing fixes
in case an exploit is discovered at a later date.


The fix is available both for 3.5 and 3.4 branches (http://samba.org/samba/latest_news.html#3.5.7)

Reproducible: Always

Steps to Reproduce:
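
The range check the advisory says was missing, shown as an added C example (not Samba's patch and not part of the original report). `fd_set_checked`, `build_read_set` and `demo` are hypothetical names, and the descriptor numbers are constructed values; nothing is opened.

```c
#include <stdbool.h>
#include <string.h>
#include <sys/select.h>

/* Hypothetical helper (not Samba's code): add fd to the set only when it is a
 * valid index into the fixed-size fd_set bitmap. FD_SET() itself does no
 * bounds check, so fd < 0 or fd >= FD_SETSIZE writes outside the fd_set. */
static bool fd_set_checked(int fd, fd_set *set, int *maxfd)
{
    if (fd < 0 || fd >= FD_SETSIZE) {
        return false;               /* caller must refuse or close this fd */
    }
    FD_SET(fd, set);
    if (maxfd != NULL && fd > *maxfd) {
        *maxfd = fd;
    }
    return true;
}

/* Build a read set from a list of descriptors; returns how many were
 * refused because they do not fit in an fd_set. */
static int build_read_set(const int *fds, size_t n, fd_set *set, int *maxfd)
{
    int rejected = 0;
    FD_ZERO(set);
    *maxfd = -1;
    for (size_t i = 0; i < n; i++) {
        if (!fd_set_checked(fds[i], set, maxfd)) {
            rejected++;
        }
    }
    return rejected;
}

/* Self-check on constructed descriptor numbers. */
static int demo(void)
{
    /* The canary follows the set in memory and must stay intact. */
    struct { fd_set set; unsigned char canary[64]; } frame;
    int fds[] = { 0, 5, FD_SETSIZE - 1, FD_SETSIZE, FD_SETSIZE + 200, -1 };
    int maxfd;
    memset(frame.canary, 0xA5, sizeof frame.canary);
    int rejected = build_read_set(fds, sizeof fds / sizeof fds[0], &frame.set, &maxfd);
    for (size_t i = 0; i < sizeof frame.canary; i++)
        if (frame.canary[i] != 0xA5) return -1;
    return (rejected == 3 && maxfd == FD_SETSIZE - 1) ? 0 : -1;
}

int main(void) { return demo(); }
```

A process whose descriptor limit exceeds `FD_SETSIZE` can legitimately hold descriptors this helper refuses, so callers need a path for that case, such as closing the connection or using `poll()`, which has no such limit.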
Comment 1 Tim Sammut (RETIRED) gentoo-dev 2011-03-02 07:33:17 UTC
Thank you for the report. Bug 356917 has been created for this issue.

*** This bug has been marked as a duplicate of bug 356917 ***