[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Vulnerability in Samba 2.2.10 and older
In message <email@example.com>
on Wed, 01 Sep 2004 00:09:41 +0900 (JST),
Takahiro Kambe <firstname.lastname@example.org> wrote:
> > We might even be able to remove that entry if we know for sure that
> > this bug doesn't crash the main Samba server process.
> I don't know in detail and I don't want to read (or understand)
> Samba's codes. ;-p
This problem is caused by authenticated user only.
Takahiro Kambe <email@example.com>
Subject: Samba FindNextPrintChangeNotify() Error Lets Remote Authenticated Users Crash smbd
Date: 31 Aug 2004 20:33:28 -0000
From: "Jérôme" ATHIAS <firstname.lastname@example.org>
X-Mailer: MIME-tools 5.411 (Entity 5.404)
Delivered-To: mailing list email@example.com
Delivered-To: moderator for firstname.lastname@example.org
Mailing-List: contact email@example.com; run by ezmlm
X-Mew: From: has raw text strings.
tab/spc characters on Subject: are simplified.
Date: Mon, 30 Aug 2004 23:42:49 -0400
The Samba 2.2.11 release addresses the following bug:
o Crashes in smbd triggered by a Windows XP SP2 client sending
a FindNextPrintChangeNotify() request without previously
Impact: Denial of service via network
Fix Available: Yes Exploit Included: Yes Vendor Confirmed: Yes
Version(s): prior to 3.0.6, prior to 2.2.11
Description: A vulnerability was reported in Samba. A remote authenticated user can cause smbd to crash.
The vendor reported that a remote authenticated user can send a FindNextPrintChangeNotify() request without having previously sent a corresponding FindFirstPrintChangeNotify() requeste to cause smbd to crash.
This behavior can be triggered by a Windows XP SP2 client.
The flaw resides in printer_notify_info() in 'rpc_server/srv_spoolss_nt.c'.
Craig Huegen reported this flaw to the vendor.
Impact: A remote authenticated user can cause smbd to crash.
Solution: The vendor has released a fixed version (3.0.6 and 2.2.11), available at: