===========================================================
== Subject:     Buffer Overrun Vulnerability
==
== CVE ID#:     CVE-2010-3069
==
== Versions:    Samba 3.0.x - 3.5.x (inclusive)
==
== Summary:     Samba 3.0.x to 3.5.x are affected by a
==              buffer overrun vulnerability.
===========================================================

===========
Description
===========

All current released versions of Samba are vulnerable to a buffer overrun vulnerability. The sid_parse() function (and related dom_sid_parse() function in the source4 code) do not correctly check their input lengths when reading a binary representation of a Windows SID (Security ID). This allows a malicious client to send a sid that can overflow the stack variable that is being used to store the SID in the Samba smbd server.

A connection to a file share is needed to exploit this vulnerability, either authenticated or unauthenticated (guest connection).

==================
Patch Availability
==================

A patch addressing this defect has been posted to

  http://www.samba.org/samba/security/

Additionally, Samba 3.5.x has been issued as security release to correct the defect. Patches against older Samba versions are available at http://samba.org/samba/patches/. Samba administrators running affected versions are advised to upgrade to 3.5.x or apply the patch as soon as possible.

==========
Workaround
==========

None.

=======
Credits
=======

This problem was found by an internal audit of the Samba code by Andrew Bartlett of Cisco. Thanks to Andrew for his careful code review.
Created attachment 5951: CVE-2010-3069 patch Samba 3.0
Created attachment 5952: CVE-2010-3069 patch Samba 3.2
Created attachment 5953: CVE-2010-3069 patch Samba 3.3
Created attachment 5954: CVE-2010-3069 patch Samba 3.4
Created attachment 5955: CVE-2010-3069 patch Samba 3.5
Fixed with the latest released versions. Those needing the fixes can find them as attachments to this report.