similar to: Samba Security Announcement -- Potential Arbitrary File Access

Displaying 20 results from an estimated 2000 matches similar to: "Samba Security Announcement -- Potential Arbitrary File Access"

2004 Sep 30
0
Samba Security Announcement -- Potential Arbitrary File Access
Subject: Potential Arbitrary File Access Affected Versions: Samba 2.2.x <= 2.2.11 and Samba 3.0.x <= 3.0.5 Summary: A remote attacker may be able to gain access to files which exist outside of the share's defined path. Such files must still be readable by the account used for the connection. Patch Availability
2004 Oct 05
0
ERRATA: Potential Arbitrary File Access (CAN-2004-0815)
ERRATA: The original announcement for the Samba vulnerability identified by CAN-2004-0815 reported that Samba versions 3.0.0 - 3.0.5 inclusive were subject to the remote file access bug. Later research has confirmed that *only* Samba 3.0.x <= 3.0.2a contains the exploitable code. The Samba Team expresses sincere apologies for any confusion
2004 Oct 05
0
ERRATA: Potential Arbitrary File Access (CAN-2004-0815)
ERRATA: The original announcement for the Samba vulnerability identified by CAN-2004-0815 reported that Samba versions 3.0.0 - 3.0.5 inclusive were subject to the remote file access bug. Later research has confirmed that *only* Samba 3.0.x <= 3.0.2a contains the exploitable code. The Samba Team expresses sincere apologies for any confusion
2004 Nov 08
0
[SECURITY] CAN-2004-0930: Potential Remote Denial of Service Vulnerability in Samba 3.0.x <= 3.0.7
Subject: Potential Remote Denial of Service CVE #: CAN-2004-0930 Affected Versions: Samba 3.0.x <= 3.0.7 Summary: A remote attacker could cause an smbd process to consume abnormal amounts of system resources due to an input validation error when matching filenames containing wildcard characters. Patch Availability: A
2004 Sep 30
0
SECURITY: Samba 2.2.12 Available for Download
SECURITY RELEASE Summary: Potential Arbitrary File Access Summary: A remote attacker may be able to gain access to files which exist outside of the share's defined path. Such files must still be readable by the account used for the connection. CVE ID: CAN-2004-0815
2004 Sep 30
0
SECURITY: Samba 2.2.12 Available for Download
SECURITY RELEASE Summary: Potential Arbitrary File Access Summary: A remote attacker may be able to gain access to files which exist outside of the share's defined path. Such files must still be readable by the account used for the connection. CVE ID: CAN-2004-0815
2004 Sep 13
0
Samba 3.0 DoS Vulnerabilities (CAN-2004-0807 & CAN-2004-0808)
Subject: Samba 3.0.x Denial of Service Flaw Summary: (i) A DoS bug in smbd may allow an unauthenticated user to cause smbd to spawn new processes, each one entering an infinite loop. After sending a sufficient amount of packets it is possible to exhaust the memory resources on the server. (ii) A DoS bug in nmbd may allow an attacker to
2004 Sep 13
0
Samba 3.0 DoS Vulnerabilities (CAN-2004-0807 & CAN-2004-0808)
Subject: Samba 3.0.x Denial of Service Flaw Summary: (i) A DoS bug in smbd may allow an unauthenticated user to cause smbd to spawn new processes, each one entering an infinite loop. After sending a sufficient amount of packets it is possible to exhaust the memory resources on the server. (ii) A DoS bug in nmbd may allow an attacker to
2007 May 14
0
[SAMBA-SECURITY] CVE-2007-2447: Remote Command Injection Vulnerability
Subject: Remote Command Injection Vulnerability CVE ID#: CVE-2007-2447 Versions: Samba 3.0.0 - 3.0.25rc3 (inclusive) Summary: Unescaped user input parameters are passed as arguments to /bin/sh allowing for remote command execution
2004 Dec 16
1
CAN-2004-1154 : Integer overflow could lead to remote code execution in Samba 2.x, 3.0.x <= 3.0.9
Subject: Possible remote code execution CVE ID#: CAN-2004-1154 Versions: Samba 2.x & 3.0.x <= 3.0.9 Summary: A potential integer overflow when unmarshalling specific MS-RPC requests from clients could lead to heap corruption and remote code execution.
2004 Dec 16
0
CAN-2004-1154 : Integer overflow could lead to remote code execution in Samba 2.x, 3.0.x <= 3.0.9
Subject: Possible remote code execution CVE ID#: CAN-2004-1154 Versions: Samba 2.x & 3.0.x <= 3.0.9 Summary: A potential integer overflow when unmarshalling specific MS-RPC requests from clients could lead to heap corruption and remote code execution.
2009 Jun 29
0
Lots of "smbd/vfs.c:reduce_name(985)" in log.smbd
Hi. I subscribed just now to the mailing list, but I've been using a Samba file server (PDC) on Debian for about 2.5 years now. Users are almost all WinXP SP3. No users are complaining, but since I changed everything to one share with group permission on underlying directories I see a lot of errors in log.smbd. Does anyone know what the log message exactly means? I guess it has something to
2008 Aug 21
0
Group member can not delete files - only dir (775) owner can
Hi there, I have a problem I can not solve myself. I have samba 3.0.28 installed on a Ubuntu 8.0.4 server. Samba is a member of AD. Authentication is kerberos, user- / group ids are handled by nis (Windows 2008 SFU / NIS Server). My Samba config: [global] write list = admin,rado,@Administratoren deny hosts = 0.0.0.0/0.0.0.0 client schannel = No allow hosts = localhost,
2011 May 11
0
Problem with listing a share
Hi, I have a strange problem listing a share with, e.g. # ls -al /path/to/share I have a samba-client-3.5.4-68.el6_0.2.x86_64 on a Scientific Linux 6 (as a virtual machine - if it matters) and a samba-3.0.33-0.30.el4 server on a RHEL4. When I try the listed command I get the following in the server's logfile (on log level = 3): [2011/04/29 16:29:39, 3, effective(0, 0), real(0, 0)]
2004 Feb 18
2
is this mbuf problem real?
BM_207650 MEDIUM Vulnerability Version: 1 2/18/2004@03:47:29 GMT Initial report <https://ialert.idefense.com/KODetails.jhtml?irId=207650> ID#207650: FreeBSD Memory Buffer Exhaustion Denial of Service Vulnerability (iDEFENSE Exclusive): Remote exploitation of a denial of service (DoS) vulnerability in FreeBSD's memory buffers (mbufs) could allow attackers to launch a DoS attack.
2005 Jun 09
0
read-only file problem
Hi, I have a little problem: some users have a problem with files in read-only mode, but all Unix ACLs and POSIX ACLs are correct: ls -l drwxrwx---+ 19 root Utilisateurs 4096 jun 9 11:33 STEPHANE -rwxrwx---+ 1 root Utilisateurs 1027584 jun 7 14:33 dossier fraise.ppt getfacl: Removing leading '/' from absolute path names # file:
2003 Apr 08
0
[labs@idefense.com: iDEFENSE Security Advisory 04.08.03: Denial of Service in Apache HTTP Server 2.x]
FYI -------------- next part -------------- An embedded message was scrubbed... From: "iDEFENSE Labs" <labs@idefense.com> Subject: iDEFENSE Security Advisory 04.08.03: Denial of Service in Apache HTTP Server 2.x Date: Tue, 8 Apr 2003 12:44:39 -0400 Size: 4554 Url: http://lists.freebsd.org/pipermail/freebsd-security/attachments/20030408/43598086/attachment.eml
2004 Nov 27
0
Samba 3.x problem setting up DFS and XP2
Hi, I tried running Samba 3.0.9 with MSDFS under Linux 2.6.9. The normal sharing of directories to the target server (also Samba with the same version and Linux) runs without problems. Only the DFS share to the same Samba server is not usable. The share name itself is visible but without content. I have compiled the new source with the "--with-msdfs" switch and have also checked the
2004 Oct 29
1
Directory perms not visible from Properties|Security on clients
Samba 3.0.7, XP Pro SP1 clients When I view the "Properties|Security" tab on a folder from my XP SP1 clients, the checkboxes indicating the various permission settings are all empty. The share is functioning fine otherwise, permissions are OK when inspected from the Unix side. Does anyone know a work around (or fix!)? This came up back in 2003, without resolution:
2008 Oct 03
1
Problems with Share Modes "fill_share_mode_lock failed"
Hi, my details: Server: 3.2.3 Client: win2k8 When I try to list the contents of a shared directory through an ASP script (win2k8 is the client), it takes much time, and on Samba I saw many times (4 times for each file) the same error: "fill_share_mode_lock failed" I tried "shares mode = No" but no success. This is the log: ...:49, 3]