Samba Security: SAMBA:CVE-2011-0719
Feb 18, 2011 - 12:00 a.m.

Denial of service - memory corruption

Samba Security
www.samba.org

CVSS2: 5 Medium

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS: 0.036 Low
Percentile: 91.5%

Description

All current released versions of Samba are vulnerable to
a denial of service caused by memory corruption. Range
checks on file descriptors being used in the FD_SET macro
were not present, allowing stack corruption. This can cause
the Samba code to crash or to loop attempting to select
on a bad file descriptor set.

A connection to a file share, or a local account, is needed
to exploit this problem, either authenticated or unauthenticated
(guest connection).

Currently we do not believe this flaw is exploitable
beyond a crash or causing the code to loop, but on the
advice of our security reviewers we are releasing fixes
in case an exploit is discovered at a later date.
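
The missing range check described above, as an added example (not Samba's patch and not code from this advisory): an fd_set is a fixed bitmap of FD_SETSIZE bits, so a guarded wrapper rejects any descriptor outside that range before FD_SET writes to memory. The helper names checked_fd_set and poll_readable and the sample descriptors are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/select.h>
#include <unistd.h>

/* Hypothetical helper (not Samba code). fd_set is a fixed bitmap of
 * FD_SETSIZE bits, so FD_SET() on any fd outside [0, FD_SETSIZE) writes
 * outside it. Refuse such descriptors instead of setting the bit. */
static int checked_fd_set(int fd, fd_set *set, int *maxfd)
{
    if (fd < 0 || fd >= FD_SETSIZE) {
        errno = EBADF;
        return -1;
    }
    FD_SET(fd, set);
    if (fd > *maxfd)
        *maxfd = fd;
    return 0;
}

/* Hypothetical helper: non-blocking readiness check over fds[0..n).
 * Out-of-range entries are counted in *rejected and never reach FD_SET().
 * Returns select()'s result, or -1/EBADF if no descriptor was usable. */
static int poll_readable(const int *fds, size_t n, fd_set *set, size_t *rejected)
{
    int maxfd = -1;
    struct timeval tv = { 0, 0 };

    FD_ZERO(set);
    *rejected = 0;
    for (size_t i = 0; i < n; i++)
        if (checked_fd_set(fds[i], set, &maxfd) != 0)
            (*rejected)++;
    if (maxfd < 0) {
        errno = EBADF;
        return -1;
    }
    return select(maxfd + 1, set, NULL, NULL, &tv);
}

int main(void)
{
    int fds[] = { STDIN_FILENO, FD_SETSIZE, -1 };  /* constructed input */
    fd_set set;
    size_t rejected;
    int ready = poll_readable(fds, 3, &set, &rejected);
    printf("ready=%d rejected=%zu\n", ready, rejected);
    return 0;
}
```

Code that must wait on descriptors at or above FD_SETSIZE can use poll() instead, which takes an array of descriptors rather than a fixed-size bitmap.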

Patch Availability

A patch addressing this defect has been posted to

http://www.samba.org/samba/security/

Additionally, Samba 3.5.7 has been issued as a security release to correct the
defect. Patches against older Samba versions are available at
http://samba.org/samba/patches/. Samba administrators running affected
versions are advised to upgrade to 3.5.7 or apply the patch as soon
as possible.

Workaround

None.

Credits

This problem was found by an internal audit of the Samba code by
Volker Lendecke of SerNet. Thanks to Volker for his careful code
review.
