[CAN-2004-0686] Buffer overrun in `mangling method = hash' handling
Bug #7138 reported by Debian Bug Importer
This bug report is a duplicate of:
Bug #7136: [CAN-2004-0600, CAN-2004-0686] buffer overruns.
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
samba (Debian) | Fix Released | Unknown | |
samba (Ubuntu) | Invalid | High | Unassigned |
Bug Description
Automatically imported from Debian bug report #260839 http://
Message-ID: <email address hidden>
Date: Thu, 22 Jul 2004 16:13:58 +0200
From: "J.H.M. Dassen (Ray)" <email address hidden>
To: Debian Bug Tracking System <email address hidden>
Subject: [CAN-2004-0686] Buffer overrun in `mangling method = hash' handling
Package: samba
Version: 2.2.3a-13
Severity: grave
Tags: security upstream fixed-upstream woody
http://www.samba.org/samba/whatsnew/samba-2.2.10.html :
Security Release - Samba 2.2.10 Available for Download
######################## SECURITY RELEASE ########################
Summary: Potential Buffer Overrun in Samba 2.2.x
CVE ID: CAN-2004-0686
(http://cve.mitre.org/)
This is the latest stable release of the Samba 2.2 code base.
There are no further Samba 2.2.x releases planned at this time.
-------------
CAN-2004-0686
-------------
Affected Versions: Samba 2.2.0 through 2.2.9
A buffer overrun has been located in the code used to support
the 'mangling method = hash' smb.conf option. Affected Samba
2.2 installations can avoid this possible security bug by using
the hash2 mangling method. Server installations requiring
the hash mangling method are encouraged to upgrade to Samba v2.2.10
or v3.0.5.
The source code can be downloaded from :
http://download.samba.org/samba/ftp/
in the file samba-2.2.10.tar.gz. The uncompressed archive has
been signed using the Samba Distribution Key.
Our code, Our bugs, Our responsibility (Samba Bugzilla).
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (800, 'unstable'), (750, 'experimental'), (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.4.27-rc3
Locale: LANG=C, LC_CTYPE=en_US.ISO8859-1
--
Obsig: developing a new sig
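
Added example, not part of the original bug report or the Samba advisory: a small audit that applies the advisory's two conditions (version in 2.2.0 through 2.2.9, and `mangling method = hash` rather than `hash2`) to an smb.conf. The function names and the sample configuration are constructed for illustration; the code assumes `mangling method` is read only from `[global]` and does not follow `include` directives.

```python
import re

AFFECTED = ((2, 2, 0), (2, 2, 9))  # "Samba 2.2.0 through 2.2.9" per the advisory

def _norm(name):
    # smb.conf ignores case and whitespace in section and parameter names
    return re.sub(r"\s+", "", name).lower()

def global_mangling_method(conf_text):
    """Return the last 'mangling method' value set in [global], or None."""
    section, value, pending = "global", None, ""
    for raw in conf_text.splitlines():
        line = pending + raw.strip()
        if line.endswith("\\"):          # trailing backslash continues the line
            pending = line[:-1]
            continue
        pending = ""
        if not line or line[0] in "#;":  # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = _norm(line[1:-1])
            continue
        name, sep, val = line.partition("=")
        if sep and section == "global" and _norm(name) == "manglingmethod":
            value = val.strip().lower()  # a later setting overrides an earlier one
    return value

def parse_version(text):
    # Accepts strings such as "2.2.3a-13"; letter and packaging suffixes are dropped
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError("unrecognised version: %r" % text)
    return tuple(int(g) for g in m.groups())

def assess(version_text, conf_text):
    if not AFFECTED[0] <= parse_version(version_text) <= AFFECTED[1]:
        return "version outside affected range"
    method = global_mangling_method(conf_text)
    if method == "hash2":
        return "mitigated: hash2 in use"
    if method == "hash":
        return "exposed: hash mangling configured"
    return "review: mangling method not set, build default applies"

# Constructed sample configuration, not taken from any real host
SAMPLE = """\
[global]
   Mangling  Method = HASH
[homes]
   mangling method = hash2
"""
```

Calling `assess("2.2.3a-13", SAMPLE)` reports the sample as exposed. Distribution packages can carry a backported fix under an unchanged upstream version number, so confirm a version-based result against the vendor changelog.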