oss-sec mailing list archives
Re: Fwd: [Full-disclosure] stratsec Security Advisory SS-2010-005: Samba Multiple DoS Vulnerabilities (3.3.x)
From: Eren Türkay <eren () pardus org tr>
Date: Fri, 28 May 2010 08:33:12 +0300
On Tue, May 25, 2010 at 05:29:00PM -0400, Josh Bressers wrote:
It's been pointed out to me that this should be two IDs, not one. Let's use CVE-2010-1635 for the NULL pointer deref and CVE-2010-1642 for the OOB read. Sorry for the confusion.
Hello,

It seems that Samba 3.3.x is also vulnerable. I sent a mail to samba-technical list, but I haven't got a reply for 3 days. It would be really helpful if anyone knows the situation of 3.3.x.

I am attaching the e-mail and a patch.

Thank you,
Eren

----- Forwarded message from Eren Türkay <eren () pardus org tr> -----

Date: Wed, 26 May 2010 19:28:50 +0300
From: Eren Türkay <eren () pardus org tr>
To: samba-technical () samba org
Subject: Security patches for Samba 3.3.x (CVE-2010-{1635,1642})
Organization: "TÜBİTAK/UEKAE"
User-Agent: Mutt/1.5.20 (2009-06-14)

Hello,

A NULL pointer dereference (#7229, CVE-2010-1635) and a crash with CUPS printers (#7298, CVE-2010-1642) have been fixed with the release of 3.4.8. According to bugzilla, the fixes were also committed to 3.5-test.

It seems that 3.3.x is also vulnerable as the same code seems to exist in this release as well. However, I couldn't see any reference for 3.3.x being vulnerable. I would really appreciate a statement from Samba team as to the status of 3.3.x.

Attached is the patch that I made according to the changes committed to GIT repository, and hopefully it fixes the issues.

Regards,
Eren

----- End forwarded message -----
Attachment: samba-3.3.12-CVE-2010-1635-1642.patch