[Fc6] was: Re: [Samba] [SECURITY] Buffer overrun in send_mailslot()

simo idra at samba.org
Mon Dec 10 19:05:42 UTC 2007


Apologies, the correct URL is:
http://simo.fedorapeople.org/samba/

Simo.

On Mon, 2007-12-10 at 14:00 -0500, simo wrote:
> Fedora 7 and 8 packages are being released but as you may know FC6 has
> reached EOL just recently.
> 
> As I think this is an important security problem I decided to release
> new packages for FC6 so that people that have not yet finished their
> migration to newer supported Fedora releases can buy some more time.
> 
> This is a one off service I felt compelled to release to help people, I
> am not going to do regular releases for FC6.
> 
> Packages here:
> http://simo.fedoraproject.org/samba
> 
> Simo.
> 
> 
> On Mon, 2007-12-10 at 07:49 -0600, Gerald (Jerry) Carter wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> > 
> > ==========================================================
> > ==
> > == Subject:     Boundary failure in GETDC mailslot
> > ==              processing can result in a buffer overrun
> > ==
> > == CVE ID#:     CVE-2007-6015
> > ==
> > == Versions:    Samba 3.0.0 - 3.0.27a (inclusive)
> > ==
> > == Summary:     Specifically crafted GETDC mailslot requests
> > ==              can trigger a boundary error in the domain
> > ==              controller GETDC mail slot support which
> > ==              can be remotely exploited to execute arbitrary
> > ==              code.
> > ==
> > ==========================================================
> > 
> > ===========
> > Description
> > ===========
> > 
> > Secunia Research reported a vulnerability that allows for
> > the execution of arbitrary code in nmbd.  This defect is
> > only be exploited when the "domain logons" parameter has
> > been enabled in smb.conf.
> > 
> > 
> > ==================
> > Patch Availability
> > ==================
> > 
> > A patch addressing this defect has been posted to
> > 
> >   http://www.samba.org/samba/security/
> > 
> > Additionally, Samba 3.0.28 has been issued as a security
> > release to correct the defect.
> > 
> > 
> > ==========
> > Workaround
> > ==========
> > 
> > Samba administrators may avoid this security issue by disabling
> > both the "domain logons" options in the server's smb.conf file.
> > Note that this will disable all domain controller features as
> > well.
> > 
> > 
> > =======
> > Credits
> > =======
> > 
> > This vulnerability was reported to Samba developers by
> > Alin Rad Pop, Secunia Research.
> > 
> > The time line is as follows:
> > 
> > * Nov 22, 2007: Initial report to security at samba.org.
> > * Nov 22, 2007: First response from Samba developers confirming
> >   the bug along with a proposed patch.
> > * Dec 10, 2007: Public security advisory made available.
> > 
> > 
> > ==========================================================
> > == Our Code, Our Bugs, Our Responsibility.
> > == The Samba Team
> > ==========================================================
> > 
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.4.6 (GNU/Linux)
> > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
> > 
> > iD8DBQFHXUPeIR7qMdg1EfYRArBPAKDeDyXyeauJuVk0FcHYWbBci0Dw6gCgoYYF
> > UmvJh11x9pp5Nbbg/VYpSJ0=
> > =d7SS
> > -----END PGP SIGNATURE-----
> > 
> -- 
> Simo Sorce
> Samba Team GPL Compliance Officer <simo at samba.org>
> Senior Software Engineer at Red Hat Inc. <ssorce at redhat.com>
> 
-- 
Simo Sorce
Samba Team GPL Compliance Officer <simo at samba.org>
Senior Software Engineer at Red Hat Inc. <ssorce at redhat.com>




More information about the fedora-announce-list mailing list