The patch made by Jerry Carter to fix CVE-2007-457 patched source/lib/charcnv.c (git index 8d5fbc8..2341429 100644). That patch is causing smbd to segfault when a client accesses the mounted filesystem handled by smbd. In my particular case, here's what happened:

Client machine:

poltergeist:~# mount -r -t smbfs -o guest //lamppost/slackware /mnt/slack
Anonymous login successful
poltergeist:~# cd /mnt/slack
poltergeist:/mnt/slack# ls
/bin/ls: reading directory .: Input/output error
poltergeist:/mnt/slack#

Server machine:

lamppost:/var/log/samba# smbd -i
smbd version 3.0.27 started.
Copyright Andrew Tridgell and the Samba Team 1992-2007
PANIC (pid 28945): push_ascii - dest_len == -1
BACKTRACE: 16 stack frames:
 #0 smbd(log_stack_trace+0x26) [0x822daba]
 #1 smbd(smb_panic+0x76) [0x822d953]
 #2 smbd(push_ascii+0x44) [0x8218c7d]
 #3 smbd(push_string_fn+0x4b) [0x8219579]
 #4 smbd(srvstr_push_fn+0x65) [0x80e43bd]
 #5 smbd [0x80cd515]
 #6 smbd [0x80cdfa3]
 #7 smbd(handle_trans2+0xb6) [0x80d7f18]
 #8 smbd(reply_trans2+0x62e) [0x80d87f6]
 #9 smbd [0x80f2033]
 #10 smbd [0x80f20cd]
 #11 smbd [0x80f22f6]
 #12 smbd(smbd_process+0x16e) [0x80f30a5]
 #13 smbd(main+0x8d0) [0x82dbaa9]
 #14 /lib/tls/libc.so.6(__libc_start_main+0xdb) [0xb7af7fcb]
 #15 smbd [0x8089751]
dumping core in /var/log/samba/cores/smbd
Aborted
lamppost:/var/log/samba# ls /var/log/samba/cores/smbd
lamppost:/var/log/samba# ulimit -c unlimited
lamppost:/var/log/samba#

Samba versions 3.0.26a and previous work just fine.

*** This bug has been marked as a duplicate of 5087 ***