oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Fwd: [Full-disclosure] stratsec Security Advisory SS-2010-005: Samba Multiple DoS Vulnerabilities (3.3.x)

From: Eren Türkay <eren () pardus org tr>
Date: Fri, 28 May 2010 08:33:12 +0300
On Tue, May 25, 2010 at 05:29:00PM -0400, Josh Bressers wrote:

It's been pointed out to me that this should be two IDs, not one.

Let's use CVE-2010-1635 for the NULL pointer deref 
and CVE-2010-1642 for the OOB read.

Sorry for the confusion.


Hello,

It seems thath Samba 3.3.x is also vulnerable. I sent a mail to
samba-technical list, but I haven't got a reply for 3 days. It would be
really helpful if anyone knows the situation of 3.3.x. I am attaching
the e-mail and a patch.

Thank you,
Eren

----- Forwarded message from Eren T??rkay <eren () pardus org tr> -----

Date: Wed, 26 May 2010 19:28:50 +0300
From: Eren Türkay <eren () pardus org tr>
To: samba-technical () samba org
Subject: Security patches for Samba 3.3.x (CVE-2010-{1635,1642})
Organization: "TÜBİTAK/UEKAE"
User-Agent: Mutt/1.5.20 (2009-06-14)

Hello,

A NULL pointer dereference (#7229, CVE-2010-1635) and a crash with CUPS
printers (#7298, CVE-2010-1642) have been fixed with the release of
3.4.8. Accordingly to bugzilla, the fixes were also committed to
3.5-test.

It seems that 3.3.x is also vulnerable as the same code seems to exist in this
release as well. However, I couldn't see any reference for 3.3.x being
vulnerable. I would really appreciate a statement from Samba team as to
the status of 3.3.x

Attached is the patch that I made accordingly to the changes committed to
GIT repository, and hopefully it fixes the issues.

Regards,
Eren

----- End forwarded message -----

Attachment: samba-3.3.12-CVE-2010-1635-1642.patch
Description:

Previous By Date Next
Previous By Thread Next

Current thread: