similar to: [SAMBA] CVE-2008-1105 - Boundary failure when parsing SMB responses

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ========================================================== == == Subject: Boundary failure when parsing SMB responses == can result in a buffer overrun == == CVE ID#: CVE-2008-1105 == == Versions: Samba 3.0.0 - 3.0.29 (inclusive) == == Summary: Specifically crafted SMB responses can result == in a heap overflow

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ========================================================== == == Subject: Remote code execution in Samba's WINS == server daemon (nmbd) when processing name == registration followed name query requests. == == CVE ID#: CVE-2007-5398 == == Versions: Samba 3.0.0 - 3.0.26a (inclusive) == == Summary: When nmbd

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ========================================================== == == Subject: Remote code execution in Samba's WINS == server daemon (nmbd) when processing name == registration followed name query requests. == == CVE ID#: CVE-2007-5398 == == Versions: Samba 3.0.0 - 3.0.26a (inclusive) == == Summary: When nmbd

Hello list! Just wanted to confirm whether this CVE affects the 3.0.4 version of Samba.. The samba.org website claims "This security advisory is applicable to all Samba 3.0.x releases to date" Yet the actual CVE [1] has "Versions: Samba 3.0.0 - 3.0.29 (inclusive)" The CVE suggests that the version 3.0.4 would not be affected, my confused! Thanks in advance, Derek [1]

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ========================================================== == == Subject: Boundary failure in GETDC mailslot == processing can result in a buffer overrun == == CVE ID#: CVE-2007-6015 == == Versions: Samba 3.0.0 - 3.0.27a (inclusive) == == Summary: Specifically crafted GETDC mailslot requests == can trigger a

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ========================================================== == == Subject: Boundary failure in GETDC mailslot == processing can result in a buffer overrun == == CVE ID#: CVE-2007-6015 == == Versions: Samba 3.0.0 - 3.0.27a (inclusive) == == Summary: Specifically crafted GETDC mailslot requests == can trigger a

For those who haven't yet received this warning yet. Anybody from the core can tell about the background and possible fixes? <p>Regards, Stefan ------- Forwarded message follows ------- Date sent: Wed, 12 May 2004 13:50:17 +0200 To: secunia_security_advisories@stefan-neufeind.de Subject: [SA11578] Icecast Basic Authorization Denial of Service Vulnerability

hi , anybody knows more about this ? http://secunia.com/advisories/36698/ http://secunia.com/advisories/36629/ http://secunia.com/advisories/36713/ -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria

Version 4.x users , ERIFY ADVISORY: http://secunia.com/advisories/15261/ ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-05:07/ldt4.patch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-05:07/ldt4.patch.asc VERIFY ADVISORY: http://secunia.com/advisories/15260/ ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-05:06/iir.patch

I'm trying to build and install Samba 3.0.30 on a Solaris 9 SPARC machine. When I do a "make test", the RW1 test is failing. If I go back and configure and build 3.0.28 with the same settings, and do a make test, everything passes. Here's what I'm seeing with 3.0.30: ---8<--- Testing RW1 (0) TEST OUTPUT: host=127.0.0.2 share=tmp user=root myname=cannes Running RW1

Jerry, The patch for 3.0.29 to 3.0.30 is broken; can you fix? James -- Patch Results -- Patch #10 (patch-3.0.29-3.0.30.diffs.gz): + /usr/bin/gzip -d + patch -p1 -s 146 out of 146 hunks FAILED -- saving rejects to file docs/Samba3-ByExample.pdf.rej 8 out of 8 hunks FAILED -- saving rejects to file docs/Samba3-Developers-Guide.pdf.rej 194 out of 194 hunks FAILED -- saving rejects to file

I just confirmed the following bug on my firefox. http://secunia.com/advisories/14820/ Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.7.5) Gecko/20050219 Firefox/1.0 (I think my firefox is a month or two behind, from ports, but the advisary indicates both 1.0.1 and 1.0.2 are effected.) FreeBSD localhost 5.3-RELEASE FreeBSD 5.3-RELEASE #0: Fri Nov 5 04:19:18 UTC 2004

Hi, We rebuilt the Mandriva 2007.1 SRPM for Mandriva 2006 and 2007. In case this is useful for someone, here are the packages: http://downloads.angulosolido.pt/Server/samba-CVE-2008-1105/ Best regards Gustavo Homem -- Angulo S?lido - Tecnologias de Informa??o http://angulosolido.pt

Please, note: http://secunia.com/advisories/23115/ A port maintainer CC'ed. -- Dixi. Sem.

Hello List, I have a network consisting of several Win2K Pro, WinXp Home, WinXp Pro Clients, a Linux Server with Samba 3 and a MS Small Business Server 2003. The Linux Server authenticates domain users using winbind. That works fine and all users can Login to the linux box using FTP, SSH, ... The only thing that doesn't work is connecting to samba shares. For some time I got the messages

I have a Samba PDC set up on SuSE 9.1 with LDAP backend. I am trying to login to the domain from Win2K/XP clients. The Windows clients easily joined the domain, but can never login. Also, I can access all the Samba shares when logged in locally on a Windows client. I have omitted a copy of smb.conf as I have tried the things mentioned by Samba Team members to no avail. I have read the

On Tue, Jun 24, 2008 at 12:08 PM, Aaron Browne <gopodge@gmail.com> wrote: > > Recently built 3.0.30 for testing and cannot establish a Trust Relationship > with our Windows 2003 domain controller. Joining > the domain seems to work but shares are unavailable. Working backwards, I > ended up identifying Samba 3.0.28a > as a working build. Any version after that does not

Hi! I tried accessing a Samba server 3.0.2a from a PDA (Dell Axim X5) with Windows Mobile 2003. In the menu "Open" I typed "\\stormbringer" and and got this error message: Cannot find the file '\\' (or one of its components). Make sure the path and file name are correct and all required libraries are available. Further I tried accessing the same Samba server from a

http://secunia.com/advisories/54438/ Since I already got 3 private mails about this, here's the same reply for everyone (actually updated, now that I looked at the code): This was a v2.2-only bug. And it isn't really a DoS.. It only caused the one pop3 process to crash in assert, which was handling only the connection that had already disconnected. (Unless you were running a

As a Cygwin rsync package maintainer, the following security fixes have been brought to my attention: http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-misc/rsync/files/rsync-2.6.9-stats-fix.patch http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-misc/rsync/files/rsync-2.6.9-fname-obo.patch And while they seem "trusted" enough to me (present in many packages such as Gentoo, FreeBSD