ports/109049: security/vuxml: Add the entry of samba vulnerabilities fixed in samba-3.0.24, 1
KOMATSU Shinichiro
koma2 at lovepeers.org
Sun Feb 11 14:50:04 UTC 2007
>Number: 109049
>Category: ports
>Synopsis: security/vuxml: Add the entry of samba vulnerabilities fixed in samba-3.0.24,1
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Sun Feb 11 14:50:03 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator: KOMATSU Shinichiro
>Release: FreeBSD 6.2-RELEASE i386
>Organization:
>Environment:
FreeBSD 6.2-RELEASE i386
>Description:
Three vulnerabilities were fixed (one of which does not affect FreeBSD, thought) in samba-3.0.24,1 and ja-samba-3.0.24,1, but they are not documented in VuXML.
>How-To-Repeat:
>Fix:
Patch attached with submission follows:
Index: security/vuxml/vuln.xml
===================================================================
RCS file: /home/ncvs/ports/security/vuxml/vuln.xml,v
retrieving revision 1.1270
diff -u -r1.1270 vuln.xml
--- security/vuxml/vuln.xml 17 Jan 2007 22:17:49 -0000 1.1270
+++ security/vuxml/vuln.xml 11 Feb 2007 12:56:18 -0000
@@ -34,6 +34,79 @@
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="f235fe7a-b9ca-11db-bf0f-0013720b182d">
+ <topic>samba -- potential Denial of Service bug in smbd</topic>
+ <affects>
+ <package>
+ <name>samba</name>
+ <name>ja-samba</name>
+ <range><ge>3.0.6,1</ge><lt>3.0.24,1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Samba Team reports:</p>
+ <blockquote cite="http://www.samba.org/samba/security/CVE-2007-0452.html">
+ <p>Internally Samba's file server daemon, smbd, implements
+ support for deferred file open calls in an attempt to serve
+ client requests that would otherwise fail due to a share mode
+ violation. When renaming a file under certain circumstances
+ it is possible that the request is never removed from the deferred
+ open queue. smbd will then become stuck is a loop trying to
+ service the open request.</p>
+ <p>This bug may allow an authenticated user to exhaust resources
+ such as memory and CPU on the server by opening multiple CIFS
+ sessions, each of which will normally spawn a new smbd process,
+ and sending each connection into an infinite loop.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2007-0452</cvename>
+ <url>http://www.samba.org/samba/security/CVE-2007-0452.html</url>
+ </references>
+ <dates>
+ <discovery>2007-02-05</discovery>
+ <entry>2007-02-11</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="57ae52f7-b9cc-11db-bf0f-0013720b182d">
+ <topic>samba -- format string bug in afsacl.so VFS plugin</topic>
+ <affects>
+ <package>
+ <name>samba</name>
+ <name>ja-samba</name>
+ <range><ge>3.0.6,1</ge><lt>3.0.24,1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Samba Team reports:</p>
+ <blockquote cite="http://www.samba.org/samba/security/CVE-2007-0454.html">
+ <p>NOTE: This security advisory only impacts Samba servers
+ that share AFS file systems to CIFS clients and which have
+ been explicitly instructed in smb.conf to load the afsacl.so
+ VFS module.</p>
+ <p>The source defect results in the name of a file stored on
+ disk being used as the format string in a call to snprintf().
+ This bug becomes exploitable only when a user is able
+ to write to a share which utilizes Samba's afsacl.so library
+ for setting Windows NT access control lists on files residing
+ on an AFS file system.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2007-0454</cvename>
+ <url>http://www.samba.org/samba/security/CVE-2007-0454.html</url>
+ </references>
+ <dates>
+ <discovery>2007-02-05</discovery>
+ <entry>2007-02-11</entry>
+ </dates>
+ </vuln>
+
<vuln vid="7bb127c1-a5aa-11db-9ddc-0011098b2f36">
<topic>joomla -- multiple remote vulnerabilities</topic>
<affects>
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list