[Fc6] was: Re: [Samba] [SECURITY] Buffer overrun in send_mailslot()
simo
idra at samba.org
Mon Dec 10 19:00:38 UTC 2007
Fedora 7 and 8 packages are being released but as you may know FC6 has
reached EOL just recently.
As I think this is an important security problem I decided to release
new packages for FC6 so that people that have not yet finished their
migration to newer supported Fedora releases can buy some more time.
This is a one off service I felt compelled to release to help people, I
am not going to do regular releases for FC6.
Packages here:
http://simo.fedoraproject.org/samba
Simo.
On Mon, 2007-12-10 at 07:49 -0600, Gerald (Jerry) Carter wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> ==========================================================
> ==
> == Subject: Boundary failure in GETDC mailslot
> == processing can result in a buffer overrun
> ==
> == CVE ID#: CVE-2007-6015
> ==
> == Versions: Samba 3.0.0 - 3.0.27a (inclusive)
> ==
> == Summary: Specifically crafted GETDC mailslot requests
> == can trigger a boundary error in the domain
> == controller GETDC mail slot support which
> == can be remotely exploited to execute arbitrary
> == code.
> ==
> ==========================================================
>
> ===========
> Description
> ===========
>
> Secunia Research reported a vulnerability that allows for
> the execution of arbitrary code in nmbd. This defect is
> only be exploited when the "domain logons" parameter has
> been enabled in smb.conf.
>
>
> ==================
> Patch Availability
> ==================
>
> A patch addressing this defect has been posted to
>
> http://www.samba.org/samba/security/
>
> Additionally, Samba 3.0.28 has been issued as a security
> release to correct the defect.
>
>
> ==========
> Workaround
> ==========
>
> Samba administrators may avoid this security issue by disabling
> both the "domain logons" options in the server's smb.conf file.
> Note that this will disable all domain controller features as
> well.
>
>
> =======
> Credits
> =======
>
> This vulnerability was reported to Samba developers by
> Alin Rad Pop, Secunia Research.
>
> The time line is as follows:
>
> * Nov 22, 2007: Initial report to security at samba.org.
> * Nov 22, 2007: First response from Samba developers confirming
> the bug along with a proposed patch.
> * Dec 10, 2007: Public security advisory made available.
>
>
> ==========================================================
> == Our Code, Our Bugs, Our Responsibility.
> == The Samba Team
> ==========================================================
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.6 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFHXUPeIR7qMdg1EfYRArBPAKDeDyXyeauJuVk0FcHYWbBci0Dw6gCgoYYF
> UmvJh11x9pp5Nbbg/VYpSJ0=
> =d7SS
> -----END PGP SIGNATURE-----
>
--
Simo Sorce
Samba Team GPL Compliance Officer <simo at samba.org>
Senior Software Engineer at Red Hat Inc. <ssorce at redhat.com>
More information about the fedora-announce-list
mailing list