[SECURITY] CAN-2004-0930: Potential Remote Denial of Service Vulnerability in Samba 3.0.x <= 3.0.7

From: Gerald (Jerry) Carter (jerry_at_samba.org)
Date: 11/08/04

  • Next message: Kurt Huwig: "DOS against Java JNDI/DNS" 
    Date: Mon, 08 Nov 2004 11:45:02 -0600
To: bugtraq@securityfocus.com

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Subject: Potential Remote Denial of Service
    CVE #: CAN-2004-0930
    Affected
    Versions: Samba 3.0.x <= 3.0.7

    Summary: A remote attacker could cause and smbd process
                    to consume abnormal amounts of system resources
                    due to an input validation error when matching
                    filenames containing wildcard characters.

    Patch Availability
    - ------------------

    A patch for Samba 3.0.7 (samba-3.0.7-CAN-2004-0930.patch) is
    available from http://www.samba.org/samba/ftp/patches/security/.
    The patch has been signed with the "Samba Distribution Verification
    Key" (ID F17F9772).

    Description
    - -----------

    A bug in the input validation routines used to match
    filename strings containing wildcard characters may allow
    a user to consume more than normal amounts of CPU cycles
    thus impacting the performance and response of the server.
    In some circumstances the server can become entirely
    unresponsive.

    Protecting Unpatched Servers
    - ----------------------------

    The Samba Team always encourages users to run the latest stable
    release as a defense of against attacks. However, under certain
    circumstances it may not be possible to immediately upgrade
    important installations. In such cases, administrators should
    read the "Server Security" documentation found at
    http://www.samba.org/samba/docs/server_security.html.

    Credits
    - --------

    This security issue was reported to Samba developers by
    iDEFENSE (http://www.idefense.com/). Karol Wiesek is credited
    with this discovery.

    - --
    Our Code, Our Bugs, Our Responsibility.

                                    -- The Samba Team
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.4 (GNU/Linux)
    Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

    iD8DBQFBj7CeIR7qMdg1EfYRAj+MAKDNkcUR/2ty7ImGmQQgMyJmJL2PXwCgguGr
    bT7+yChNg9Sg++7fdexNg9g=
    =WfWT
    -----END PGP SIGNATURE-----

  • Next message: Kurt Huwig: "DOS against Java JNDI/DNS"

    Relevant Pages

    • Samba 3.0.25a Available for Download
      ... This is the second production release of the Samba 3.0.25 code ... Failure to open the Windows object picker against a server ... Changes to MS-DFS Root Share Behavior ... Version: GnuPG v1.4.2.2 ...
      (comp.protocols.smb)
    • Re: Terrible samba2samba throughput, any ideas?
      ... Server: Dual Athlon MP 1900+ with an Intel Server Gb NIC (64/66, ... Any particular reason why you are using SAMBA instead of NFS? ... Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org ... To UNSUBSCRIBE, email to debian-user-REQUEST@xxxxxxxxxxxxxxxx ...
      (Debian-User)
    • Samba Security Announcement -- Potential Arbitrary File Access
      ... Patch Availability ... Samba 2.2.12 has been released to specifically address ... Credits ... Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org ...
      (Bugtraq)
    • [SAMBA] CAN-2004-0882: Possiebl Buffer Overrun in smbd
      ... Patch Availability ... The patch has been signed with the "Samba Distribution Verification ... This security issue was reported to Samba developers by Stefan ... Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org ...
      (Bugtraq)
    • Re: Does samba 3.0.14Aa on OS 5.0.6 work with ldapsam backend on another LDAP server?
      ... used 3.0.9 on SCO 5.0.6 for quite some time after suffering problems I ... a RedHat4 box running samba 3.0.10 and OpenLDAP 2.2.13. ... and no LDAP server (although there were the ... share on the SCO server without any smbpasswd on that server! ...
      (comp.unix.sco.misc)
    Loading