Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 70429 - net-fs/samba: Potential Remote Denial of Service (CAN-2004-0930)
Summary: net-fs/samba: Potential Remote Denial of Service (CAN-2004-0930)
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All All
: High normal (vote)
Assignee: Gentoo Security
Whiteboard: A3 [glsa] vorlon
Depends on:
Reported: 2004-11-08 00:45 UTC by Thierry Carrez (RETIRED)
Modified: 2004-11-11 13:08 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Thierry Carrez (RETIRED) gentoo-dev 2004-11-08 00:45:57 UTC
Still confidential, from samba-pkg-sec :

Versions:    Samba 3.0.x <= 3.0.7

A remote attacker could cause and smbd process to consume abnormal amounts of system resources due to an input validation error when matching filenames containing wildcard characters.

A bug in the input validation routines used to match filename strings containing wildcard characters may allow a user to consume more than normal amounts of CPU cycles thus impacting the performance and response of the server. In some circumstances the server can become entirely unresponsive.

3.0.8 will be released around 09:00 CST (GMT-6) Monday, Nov 8.
Given the short timeframe it's probably better to bump to 3.0.8 when it's ready rather than to patch it. However we've patches if they are preferred.
Comment 1 Thierry Carrez (RETIRED) gentoo-dev 2004-11-08 14:16:15 UTC
Issue is now public, fixed version has been released. Please bump to 3.0.8...
Comment 2 Christian Andreetta (RETIRED) gentoo-dev 2004-11-09 01:30:09 UTC
In cvs: samba-3.0.8.ebuild is marked unstable for all archs at now.
Comment 3 Matthias Geerdsen (RETIRED) gentoo-dev 2004-11-09 01:35:25 UTC
thanks Christian

arches please test samba-3.0.8 and mark stable if possible

current KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86"
target KEYWORDS="arm alpha amd64 hppa ia64 mips ppc ppc64 s390 sparc x86"
Comment 5 Jochen Maes (RETIRED) gentoo-dev 2004-11-09 04:13:21 UTC
stable on ppc
Comment 6 Markus Rothe (RETIRED) gentoo-dev 2004-11-09 08:33:29 UTC
stable on ppc64
Comment 7 Gustavo Zacarias (RETIRED) gentoo-dev 2004-11-09 12:43:10 UTC
sparc stable.
Comment 8 Simon Stelling (RETIRED) gentoo-dev 2004-11-09 12:44:36 UTC
amd64 stable
Comment 9 Thierry Carrez (RETIRED) gentoo-dev 2004-11-09 12:53:10 UTC
Adding x86 to the needed stable arches
Comment 10 SpanKY gentoo-dev 2004-11-09 22:01:05 UTC
arm/hppa/ia64/s390 stable uNF
Comment 11 Bryan Østergaard (RETIRED) gentoo-dev 2004-11-10 01:33:40 UTC
Stable on alpha.
Comment 12 Joshua Kinard gentoo-dev 2004-11-10 03:00:13 UTC
mips stable.
Comment 13 Olivier Crete (RETIRED) gentoo-dev 2004-11-10 11:40:18 UTC
x86 there.. sorry for the delay.. 
Btw, why are winbind, quotas and libclamav USE flags not in use.local.desc?
Comment 14 Matthias Geerdsen (RETIRED) gentoo-dev 2004-11-11 13:08:34 UTC
GLSA 200411-21