samba announce - Jul 2006 - [SECURITY] Samba 3.0.1 - 3.0.22: memory exhaustion DoS against smbd

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

============================================================ Subject:     Memory
exhaustion DoS against smbd
== CVE ID#:     CAN-2006-1059
=== Versions:    Samba Samba 3.0.1 - 3.0.22 (inclusive)
=== Summary:     smbd may allow internal structures
==              maintaining state for share connections
==              to grow unbounded.
==========================================================

==========Description
==========
The smbd daemon maintains internal data structures used track
active connections to file and printer shares.  In certain
circumstances an attacker may be able to continually increase
the memory usage of an smbd process by issuing a large number
of share connection requests.  This defect affects all Samba
configurations.



=================Patch Availability
=================
A patch for Samba 3.0.1 - 3.0.22 has been posted at
http://www.samba.org/samba/security/.

Guidelines for securing Samba hosts are listed at
http://www.samba.org/docs/server_security.html


======Credits
======
This security issue discovered during an internal security
audit of the Samba source code by the Samba Team.


=========================================================== Our Code, Our Bugs,
Our Responsibility.
== The Samba Team
=========================================================

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org

iD8DBQFEsraWIR7qMdg1EfYRAgGgAJwKuXUvw0lOs3fkNwR4qJ65fZMOrACgtuTS
M65Y4TJbTWo46oSFuHc4LXE=CZLB
-----END PGP SIGNATURE-----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

============================================================ Subject:     Memory
exhaustion DoS against smbd
== CVE ID#:     CAN-2006-1059
=== Versions:    Samba Samba 3.0.1 - 3.0.22 (inclusive)
=== Summary:     smbd may allow internal structures
==              maintaining state for share connections
==              to grow unbounded.
==========================================================

==========Description
==========
The smbd daemon maintains internal data structures used track
active connections to file and printer shares.  In certain
circumstances an attacker may be able to continually increase
the memory usage of an smbd process by issuing a large number
of share connection requests.  This defect affects all Samba
configurations.



=================Patch Availability
=================
A patch for Samba 3.0.1 - 3.0.22 has been posted at
http://www.samba.org/samba/security/.

Guidelines for securing Samba hosts are listed at
http://www.samba.org/docs/server_security.html


======Credits
======
This security issue discovered during an internal security
audit of the Samba source code by the Samba Team.


=========================================================== Our Code, Our Bugs,
Our Responsibility.
== The Samba Team
=========================================================

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org

iD8DBQFEsrbQIR7qMdg1EfYRAtQqAJ9E17cqTxRq91dctS2YmdEZJ1W2FwCff2lr
hG50W6mAkt1km+xqivzh0/g=6yRA
-----END PGP SIGNATURE-----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Gerald (Jerry) Carter wrote:
> =========================================================> => ==
Subject:     Memory exhaustion DoS against smbd
> == CVE ID#:     CAN-2006-1059
> => == Versions:    Samba Samba 3.0.1 - 3.0.22 (inclusive)
> => == Summary:     smbd may allow internal structures
> ==              maintaining state for share connections
> ==              to grow unbounded.
> => =========================================================
This is a cut-n-paste error.  The correct CVE # is
CVE-2006-3403.  Sorry for any confusion. It has been
updated on the web site as well.





cheers, jerry
====================================================================Samba       
------- http://www.samba.org
Centeris                         -----------  http://www.centeris.com
"What man is a man who does not make the world better?"      --Balian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org

iD8DBQFEstI6IR7qMdg1EfYRAl0IAKCxE03jkTx+HWC5aMT3es/S6xYsBgCZAYZw
NjoFczlXBVtTgWUtStrMM5E=8N2b
-----END PGP SIGNATURE-----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Gerald (Jerry) Carter wrote:
> =========================================================> => ==
Subject:     Memory exhaustion DoS against smbd
> == CVE ID#:     CAN-2006-1059
> => == Versions:    Samba Samba 3.0.1 - 3.0.22 (inclusive)
> => == Summary:     smbd may allow internal structures
> ==              maintaining state for share connections
> ==              to grow unbounded.
> => =========================================================
This is a cut-n-paste error.  The correct CVE # is
CVE-2006-3403.  Sorry for any confusion. It has been
updated on the web site as well.





cheers, jerry
====================================================================Samba       
------- http://www.samba.org
Centeris                         -----------  http://www.centeris.com
"What man is a man who does not make the world better?"      --Balian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org

iD8DBQFEstI6IR7qMdg1EfYRAl0IAKCxE03jkTx+HWC5aMT3es/S6xYsBgCZAYZw
NjoFczlXBVtTgWUtStrMM5E=8N2b
-----END PGP SIGNATURE-----

(Blond-moment question) I take it then, that this bug doesn't apply to
version 3.0.23?

- Guillermo

-----Original Message-----
From: samba-bounces+ggutierrez=marketscan.com@lists.samba.org
[mailto:samba-bounces+ggutierrez=marketscan.com@lists.samba.org] On
Behalf Of Gerald (Jerry) Carter
Sent: Monday, July 10, 2006 1:21 PM
To: samba@samba.org
Subject: [Samba] [SECURITY] Samba 3.0.1 - 3.0.22: memory exhaustion
DoSagainst smbd

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

============================================================ Subject:     Memory
exhaustion DoS against smbd
== CVE ID#:     CAN-2006-1059
=== Versions:    Samba Samba 3.0.1 - 3.0.22 (inclusive)
=== Summary:     smbd may allow internal structures
==              maintaining state for share connections
==              to grow unbounded.
==========================================================

==========Description
==========
The smbd daemon maintains internal data structures used track active
connections to file and printer shares.  In certain circumstances an
attacker may be able to continually increase the memory usage of an smbd
process by issuing a large number of share connection requests.  This
defect affects all Samba configurations.



=================Patch Availability
=================
A patch for Samba 3.0.1 - 3.0.22 has been posted at
http://www.samba.org/samba/security/.

Guidelines for securing Samba hosts are listed at
http://www.samba.org/docs/server_security.html


======Credits
======
This security issue discovered during an internal security audit of the
Samba source code by the Samba Team.


=========================================================== Our Code, Our Bugs,
Our Responsibility.
== The Samba Team
=========================================================

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org

iD8DBQFEsraWIR7qMdg1EfYRAgGgAJwKuXUvw0lOs3fkNwR4qJ65fZMOrACgtuTS
M65Y4TJbTWo46oSFuHc4LXE=CZLB
-----END PGP SIGNATURE-----

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

> -----Original Message-----
> 
> =========================================================> => ==
Subject:     Memory exhaustion DoS against smbd
> == CVE ID#:     CAN-2006-1059
> => == Versions:    Samba Samba 3.0.1 - 3.0.22 (inclusive)
> => == Summary:     smbd may allow internal structures
> ==              maintaining state for share connections
> ==              to grow unbounded.
> => =========================================================> 
> 
> ==========> Description
> ==========> 
> The smbd daemon maintains internal data structures used track 
> active connections to file and printer shares.  In certain 
> circumstances an attacker may be able to continually increase 
> the memory usage of an smbd process by issuing a large number 
> of share connection requests.  This defect affects all Samba 
> configurations.
While we wait for this patch to get backported into 3.0.10 as a RHEL4
update, will setting the 'max connections' parameter on all shares work
around this problem?

Bob G
_____________________________________________________________

This email (including any attachments to it) is confidential, legally
privileged, subject to copyright and is sent for the personal attention of the
intended recipient only. If you have received this email in error, please advise
us immediately and delete it. You are notified that disclosing, copying,
distributing or taking any action in reliance on the contents of this
information is strictly prohibited. Although we have taken reasonable
precautions to ensure no viruses are present in this email, we cannot accept
responsibility for any loss or damage arising from the viruses in this email or
attachments. We exclude any liability for the content of this email, or for the
consequences of any actions taken on the basis of the information provided in
this email or its attachments, unless that information is subsequently confirmed
in writing. If this email contains an offer, that should be considered as an
invitation to treat.
_____________________________________________________________