Multiple Samba security vulnerabilities
Bug #932239 reported by Terry Duncan
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
samba (Ubuntu) | Invalid | Undecided | Unassigned |
Bug Description
Please upgrade Samba to 3.4.14 or later in Manzanita
High...
CVE-2010-3069 Samba 3.0.x to 3.5.x are affected by a buffer overrun vulnerability
Medium...
CVE-2011-2522
CVE-2011-2694
CVE-2011-0719 Samba 3.x before 3.3.15, 3.4.x before 3.4.12, and 3.5.x before 3.5.7 does not perform range checks for file descriptors before use of the FD_SET macro
CVE-2010-1635
CVE-2010-1642 sending specially crafted 'Session Setup AndX' requests, an
unauthenticated, remote attacker can exploit these vulnerabilities
security vulnerability: | no → yes |
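The range check that the CVE-2011-0719 summary above describes as missing, shown as an added example; it is not part of the original report and not Samba's code. `checked_fd_set` and `wait_readable` are hypothetical names, and the wrapper refuses any descriptor outside `[0, FD_SETSIZE)` before touching the `fd_set`.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/select.h>
#include <sys/time.h>
#include <unistd.h>

/* Hypothetical helper (not Samba's code): add fd to set only if it fits.
 * An fd_set is a fixed bitmap of FD_SETSIZE bits; FD_SET on a descriptor
 * outside [0, FD_SETSIZE) writes outside that bitmap. */
int checked_fd_set(int fd, fd_set *set)
{
    if (set == NULL || fd < 0 || fd >= FD_SETSIZE) {
        errno = EBADF;
        return -1;
    }
    FD_SET(fd, set);
    return 0;
}

/* Hypothetical helper: wait up to timeout_ms for fd to become readable.
 * Returns 1 if readable, 0 on timeout, -1 on error or out-of-range fd. */
int wait_readable(int fd, int timeout_ms)
{
    fd_set rfds;
    struct timeval tv;
    int rc;

    FD_ZERO(&rfds);
    if (checked_fd_set(fd, &rfds) != 0)
        return -1;              /* reject instead of writing past the set */

    tv.tv_sec = timeout_ms / 1000;
    tv.tv_usec = (timeout_ms % 1000) * 1000;
    rc = select(fd + 1, &rfds, NULL, NULL, &tv);
    if (rc < 0)
        return -1;
    return (rc > 0 && FD_ISSET(fd, &rfds)) ? 1 : 0;
}

int main(void)
{
    int p[2];
    if (pipe(p) != 0 || write(p[1], "x", 1) != 1)
        return 1;
    printf("pipe read end readable: %d\n", wait_readable(p[0], 100));
    printf("fd %d (out of range): %d\n", FD_SETSIZE, wait_readable(FD_SETSIZE, 100));
    return 0;
}
```

A process that can hold more than `FD_SETSIZE` open descriptors avoids the limit entirely by using `poll()` instead of `select()`.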
Note that Ubuntu, like many Linux distributions, backports security fixes rather than upgrading to new versions of software to attempt to prevent the introduction of regressions and changes in behavior in released versions of software.
CVE-2010-3069 was addressed in http://www.ubuntu.com/usn/usn-987-1
CVE-2011-2522 and CVE-2011-2694 were addressed in http://www.ubuntu.com/usn/usn-1182-1
CVE-2011-0719 was addressed in http://www.ubuntu.com/usn/usn-1075-1
CVE-2010-1635 and CVE-2010-1642 can only kill the current connection of the attacker; the vulnerabilities do not affect the service as a whole, and as such have negligible security impact. They've also been addressed in maverick and subsequent releases.
What is Manzanita?