From $URL: All current released versions of Samba are vulnerable to a denial of service caused by memory corruption. Range checks on file descriptors being used in the FD_SET macro were not present, allowing stack corruption. This can cause the Samba code to crash or to loop attempting to select on a bad file descriptor set. A connection to a file share, or a local account, is needed to exploit this problem, either authenticated or unauthenticated (guest connection).
*** Bug 357061 has been marked as a duplicate of this bug. ***
+*samba-3.5.7 (02 Mar 2011) + + 02 Mar 2011; Patrick Lauer <patrick@gentoo.org> +samba-3.5.7.ebuild: + Bump for #356917 ebuilds in tree.
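Review bot: The ChangeLog entry for samba-3.5.7.ebuild reads only "Bump for #356917" and does not say that this is a security bump. Consider wording it so that a reader of the ChangeLog can tell the upgrade is security-relevant without opening the bug, for example by naming the FD_SET range-check denial of service.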
(In reply to comment #2) > +*samba-3.5.7 (02 Mar 2011) > + > + 02 Mar 2011; Patrick Lauer <patrick@gentoo.org> +samba-3.5.7.ebuild: > + Bump for #356917 > > ebuilds in tree. > Could you please also provide an ebuild for samba-3.4.12, which contains the fix for the same issue for the 3.4 branch? http://samba.org/samba/latest_news.html#3.4.12
@security : I've added samba-3.4.12 ebuild to the tree which fixes this issue. Please proceed with the stabilization of samba-3.4.12 Target keywords: alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86
(In reply to comment #4) > @security : I've added samba-3.4.12 ebuild to the tree which fixes this issue. > Please proceed with the stabilization of samba-3.4.12 > Target keywords: alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86 > Great, thank you. Arches, please test and mark stable: =net-fs/samba-3.4.12 Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"
amd64 ok
Looks good here on x86.
Stable for HPPA.
amd64 done. Thanks Agostino
I was only able to see if it compiled OK on SPARC; that's all I was able to do, not having any use for SAMBA unfortunately.
ppc/ppc64 stable
alpha/arm/ia64/s390/sh/sparc/x86 stable
Thanks, everyone. Added to existing GLSA request.
CVE-2011-0719 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0719): Samba 3.x before 3.3.15, 3.4.x before 3.4.12, and 3.5.x before 3.5.7 does not perform range checks for file descriptors before use of the FD_SET macro, which allows remote attackers to cause a denial of service (stack memory corruption, and infinite loop or daemon crash) by opening a large number of files, related to (1) Winbind or (2) smbd.
This issue was resolved and addressed in GLSA 201206-22 at http://security.gentoo.org/glsa/glsa-201206-22.xml by GLSA coordinator Sean Amoss (ackle).
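The missing check described in the advisory text and in the CVE entry above, as an added example that is not part of the original bug report and is not Samba's own code: a descriptor is range-checked against FD_SETSIZE before FD_SET touches the set. The function names `checked_fd_set` and `build_read_set` and the sample descriptor values are hypothetical and constructed for illustration.

```c
/* Added example: range-checked FD_SET. Names are hypothetical, not Samba's. */
#include <stdio.h>
#include <sys/select.h>

/* Add fd to set only if it is a valid index into the fd_set bitmap.
 * FD_SET with fd < 0 or fd >= FD_SETSIZE writes outside the fd_set,
 * which corrupts the stack when the set is a local variable. */
static int checked_fd_set(int fd, fd_set *set, int *maxfd)
{
    if (fd < 0 || fd >= FD_SETSIZE)
        return -1;              /* caller must not select() on this fd */
    FD_SET(fd, set);
    if (fd > *maxfd)
        *maxfd = fd;
    return 0;
}

/* Build a read set from fds[]; returns how many descriptors were rejected. */
static int build_read_set(const int *fds, int n, fd_set *set, int *maxfd)
{
    int rejected = 0;

    FD_ZERO(set);
    *maxfd = -1;
    for (int i = 0; i < n; i++) {
        if (checked_fd_set(fds[i], set, maxfd) != 0)
            rejected++;
    }
    return rejected;
}

int main(void)
{
    /* Constructed sample: two in-range descriptors, three out of range. */
    int fds[] = { 0, 5, FD_SETSIZE, FD_SETSIZE + 100, -1 };
    fd_set rset;
    int maxfd;
    int rejected = build_read_set(fds, 5, &rset, &maxfd);

    printf("maxfd=%d rejected=%d\n", maxfd, rejected);
    return rejected == 3 ? 0 : 1;
}
```

A server would typically refuse or close a connection whose descriptor is rejected here, or use poll(), which has no FD_SETSIZE limit.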