
Pardus alert 2010-78 (samba)

From:  Eren Turkay <eren@pardus.org.tr>
To:  pardus-security@pardus.org.tr
Subject:  [Pardus-security] [PLSA 2010-78] Samba: Denial of Service
Date:  Tue, 15 Jun 2010 12:39:35 +0300 (EEST)
Message-ID:  <20100615093935.767C4A7AC79@lider.pardus.org.tr>

------------------------------------------------------------------------
Pardus Linux Security Advisory 2010-78            security@pardus.org.tr
------------------------------------------------------------------------
      Date: 2010-06-15
  Severity: 3
      Type: Local
------------------------------------------------------------------------

Summary
=======

A vulnerability has been fixed in the Samba smbd daemon which allows an
attacker to trigger an uninitialized variable read by sending a specific
'Session Setup AndX' query. Successful exploitation of the issue will
result in a denial of service.

Description
===========

The Server Message Block (SMB) protocol, also known as Common Internet
File System (CIFS), acts as an application-layer protocol to provide
shared access to files, printers and Inter-Process Communication (IPC).
It is also a transport for Distributed Computing Environment / Remote
Procedure Call (DCE / RPC) operations.

After negotiating an SMB communication, the client sends a 'Session
Setup AndX' packet to negotiate a session in order to be able to connect
to a specific share.

It is possible to trigger an uninitialized variable read by sending a
specific 'Session Setup AndX' query. Successful exploitation of the
issue will result in a denial of service.

Affected packages:

  Pardus 2009:
    samba, all before 3.3.10-52-13

Resolution
==========

There are update(s) for samba. You can update them via Package Manager
or with a single command from console:

    pisi up samba

References
==========

  * http://bugs.pardus.org.tr/show_bug.cgi?id=13175

------------------------------------------------------------------------
_______________________________________________
Pardus-security mailing list
Pardus-security@pardus.org.tr
http://liste.pardus.org.tr/mailman/listinfo/pardus-security

