Gerald (Jerry) Carter
2006-Jul-10 21:17 UTC
[Samba] [SECURITY] Samba 3.0.1 - 3.0.22: memory exhaustion DoS against smbd
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================ Subject: Memory exhaustion DoS against smbd == CVE ID#: CAN-2006-1059 === Versions: Samba Samba 3.0.1 - 3.0.22 (inclusive) === Summary: smbd may allow internal structures == maintaining state for share connections == to grow unbounded. ========================================================== ==========Description ========== The smbd daemon maintains internal data structures used track active connections to file and printer shares. In certain circumstances an attacker may be able to continually increase the memory usage of an smbd process by issuing a large number of share connection requests. This defect affects all Samba configurations. =================Patch Availability ================= A patch for Samba 3.0.1 - 3.0.22 has been posted at http://www.samba.org/samba/security/. Guidelines for securing Samba hosts are listed at http://www.samba.org/docs/server_security.html ======Credits ====== This security issue discovered during an internal security audit of the Samba source code by the Samba Team. =========================================================== Our Code, Our Bugs, Our Responsibility. == The Samba Team ========================================================= -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFEsraWIR7qMdg1EfYRAgGgAJwKuXUvw0lOs3fkNwR4qJ65fZMOrACgtuTS M65Y4TJbTWo46oSFuHc4LXE=CZLB -----END PGP SIGNATURE-----
Gerald (Jerry) Carter
2006-Jul-10 21:21 UTC
[SECURITY] Samba 3.0.1 - 3.0.22: memory exhaustion DoS against smbd
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================ Subject: Memory exhaustion DoS against smbd == CVE ID#: CAN-2006-1059 === Versions: Samba Samba 3.0.1 - 3.0.22 (inclusive) === Summary: smbd may allow internal structures == maintaining state for share connections == to grow unbounded. ========================================================== ==========Description ========== The smbd daemon maintains internal data structures used track active connections to file and printer shares. In certain circumstances an attacker may be able to continually increase the memory usage of an smbd process by issuing a large number of share connection requests. This defect affects all Samba configurations. =================Patch Availability ================= A patch for Samba 3.0.1 - 3.0.22 has been posted at http://www.samba.org/samba/security/. Guidelines for securing Samba hosts are listed at http://www.samba.org/docs/server_security.html ======Credits ====== This security issue discovered during an internal security audit of the Samba source code by the Samba Team. =========================================================== Our Code, Our Bugs, Our Responsibility. == The Samba Team ========================================================= -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFEsrbQIR7qMdg1EfYRAtQqAJ9E17cqTxRq91dctS2YmdEZJ1W2FwCff2lr hG50W6mAkt1km+xqivzh0/g=6yRA -----END PGP SIGNATURE-----
Gerald (Jerry) Carter
2006-Jul-10 22:18 UTC
Re: [SECURITY] Samba 3.0.1 - 3.0.22: memory exhaustion DoS against smbd
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Gerald (Jerry) Carter wrote:> =========================================================> => == Subject: Memory exhaustion DoS against smbd > == CVE ID#: CAN-2006-1059 > => == Versions: Samba Samba 3.0.1 - 3.0.22 (inclusive) > => == Summary: smbd may allow internal structures > == maintaining state for share connections > == to grow unbounded. > => =========================================================This is a cut-n-paste error. The correct CVE # is CVE-2006-3403. Sorry for any confusion. It has been updated on the web site as well. cheers, jerry ====================================================================Samba ------- http://www.samba.org Centeris ----------- http://www.centeris.com "What man is a man who does not make the world better?" --Balian -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFEstI6IR7qMdg1EfYRAl0IAKCxE03jkTx+HWC5aMT3es/S6xYsBgCZAYZw NjoFczlXBVtTgWUtStrMM5E=8N2b -----END PGP SIGNATURE-----
Gerald (Jerry) Carter
2006-Jul-10 22:18 UTC
[Samba] Re: [SECURITY] Samba 3.0.1 - 3.0.22: memory exhaustion DoS against smbd
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Gerald (Jerry) Carter wrote:> =========================================================> => == Subject: Memory exhaustion DoS against smbd > == CVE ID#: CAN-2006-1059 > => == Versions: Samba Samba 3.0.1 - 3.0.22 (inclusive) > => == Summary: smbd may allow internal structures > == maintaining state for share connections > == to grow unbounded. > => =========================================================This is a cut-n-paste error. The correct CVE # is CVE-2006-3403. Sorry for any confusion. It has been updated on the web site as well. cheers, jerry ====================================================================Samba ------- http://www.samba.org Centeris ----------- http://www.centeris.com "What man is a man who does not make the world better?" --Balian -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFEstI6IR7qMdg1EfYRAl0IAKCxE03jkTx+HWC5aMT3es/S6xYsBgCZAYZw NjoFczlXBVtTgWUtStrMM5E=8N2b -----END PGP SIGNATURE-----
Guillermo Gutierrez
2006-Jul-11 14:00 UTC
[Samba] [SECURITY] Samba 3.0.1 - 3.0.22: memory exhaustion DoSagainst smbd
(Blond-moment question) I take it then, that this bug doesn't apply to version 3.0.23? - Guillermo -----Original Message----- From: samba-bounces+ggutierrez=marketscan.com@lists.samba.org [mailto:samba-bounces+ggutierrez=marketscan.com@lists.samba.org] On Behalf Of Gerald (Jerry) Carter Sent: Monday, July 10, 2006 1:21 PM To: samba@samba.org Subject: [Samba] [SECURITY] Samba 3.0.1 - 3.0.22: memory exhaustion DoSagainst smbd -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================ Subject: Memory exhaustion DoS against smbd == CVE ID#: CAN-2006-1059 === Versions: Samba Samba 3.0.1 - 3.0.22 (inclusive) === Summary: smbd may allow internal structures == maintaining state for share connections == to grow unbounded. ========================================================== ==========Description ========== The smbd daemon maintains internal data structures used track active connections to file and printer shares. In certain circumstances an attacker may be able to continually increase the memory usage of an smbd process by issuing a large number of share connection requests. This defect affects all Samba configurations. =================Patch Availability ================= A patch for Samba 3.0.1 - 3.0.22 has been posted at http://www.samba.org/samba/security/. Guidelines for securing Samba hosts are listed at http://www.samba.org/docs/server_security.html ======Credits ====== This security issue discovered during an internal security audit of the Samba source code by the Samba Team. =========================================================== Our Code, Our Bugs, Our Responsibility. == The Samba Team ========================================================= -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFEsraWIR7qMdg1EfYRAgGgAJwKuXUvw0lOs3fkNwR4qJ65fZMOrACgtuTS M65Y4TJbTWo46oSFuHc4LXE=CZLB -----END PGP SIGNATURE----- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Gautier, B (Bob)
2006-Jul-19 14:37 UTC
[Samba] [SECURITY] Samba 3.0.1 - 3.0.22: memory exhaustion DoSagainst smbd
> -----Original Message----- > > =========================================================> => == Subject: Memory exhaustion DoS against smbd > == CVE ID#: CAN-2006-1059 > => == Versions: Samba Samba 3.0.1 - 3.0.22 (inclusive) > => == Summary: smbd may allow internal structures > == maintaining state for share connections > == to grow unbounded. > => =========================================================> > > ==========> Description > ==========> > The smbd daemon maintains internal data structures used track > active connections to file and printer shares. In certain > circumstances an attacker may be able to continually increase > the memory usage of an smbd process by issuing a large number > of share connection requests. This defect affects all Samba > configurations.While we wait for this patch to get backported into 3.0.10 as a RHEL4 update, will setting the 'max connections' parameter on all shares work around this problem? Bob G _____________________________________________________________ This email (including any attachments to it) is confidential, legally privileged, subject to copyright and is sent for the personal attention of the intended recipient only. If you have received this email in error, please advise us immediately and delete it. You are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited. Although we have taken reasonable precautions to ensure no viruses are present in this email, we cannot accept responsibility for any loss or damage arising from the viruses in this email or attachments. We exclude any liability for the content of this email, or for the consequences of any actions taken on the basis of the information provided in this email or its attachments, unless that information is subsequently confirmed in writing. If this email contains an offer, that should be considered as an invitation to treat. _____________________________________________________________
Apparently Analagous Threads
- [SECURITY] Samba 3.0.1 - 3.0.22: memory exhaustion DoS against smbd
- CAN-2004-1154 : Integer overflow could lead to remote code execution in Samba 2.x, 3.0.x <= 3.0.9
- Functional Testing
- Heap Exhaustion during 'DAGCombiner::Run'
- Heap Exhaustion during 'DAGCombiner::Run'