Full Disclosure mailing list archives
[ GLSA 200409-14 ] Samba: Remote printing vulnerability
From: Sune Kloppenborg Jeppesen <jaervosz () gentoo org>
Date: Thu, 9 Sep 2004 08:58:16 +0200
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200409-14 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Samba: Remote printing vulnerability Date: September 09, 2004 Bugs: #62476 ID: 200409-14 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Samba is vulnerable to a remote denial of service attack due to out of sequence print change notification requests. Background ========== Samba is a freely available SMB/CIFS implementation which allows seamless interoperability of file and print services to other SMB/CIFS clients. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-fs/samba < 3.0.6 >= 3.0.6 Description =========== Due to a bug in the printer_notify_info() function, authorized users could potentially crash the Samba server by sending improperly handled print change notification requests in an invalid order. Windows XP SP2 clients can trigger this behavior by sending a FindNextPrintChangeNotify() request before previously sending a FindFirstPrintChangeNotify() request. Impact ====== A remote authorized user could potentially crash a Samba server after issuing these out of sequence requests. Workaround ========== There is no known workaround at this time. Resolution ========== All Samba users should upgrade to the latest version: # emerge sync # emerge -pv ">=net-fs/samba-3.0.6" # emerge ">=net-fs/samba-3.0.6" References ========== [ 1 ] Samba Release Notes http://samba.org/samba/history/samba-3.0.6.html [ 2 ] BugTraq Advisory http://www.securityfocus.com/archive/1/373619 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200409-14.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security () gentoo org or alternatively, you may file a bug at http://bugs.gentoo.org. License ======= Copyright 2004 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/1.0 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFBP/8TzKC5hMHO6rkRAlzQAJoC5WToM0BJFPCrdV9eK5Qof9/4zwCfetGL XM2UdFtazEDBA4aePUTkrxE= =gctd -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- [ GLSA 200409-14 ] Samba: Remote printing vulnerability Sune Kloppenborg Jeppesen (Sep 09)