SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (File Transfer/Sharing)  >   Samba Vendors:   Samba.org
(Gentoo Issues Fix) Samba Input Validation Error in ms_fnmatch() Lets Remote Authenticated Users Deny Service
SecurityTracker Alert ID:  1012207
SecurityTracker URL:  http://securitytracker.com/id/1012207
CVE Reference:   CVE-2004-0930   (Links to External Site)
Date:  Nov 12 2004
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 3.0 through 3.0.7
Description:   An input vulnerability was reported in Samba. A remote authenticated user may be able to cause denial of service conditions.

The vendor reported that there is a flaw in the matching of filenames containing wildcard characters. A remote user can cause the target smbd process to consume excessive CPU resources and, in some cases, cause the system to stop responding.

The vendor credits iDEFENSE with reporting this flaw.

iDEFENSE reported that the flaw resides in the ms_fnmatch() function and can be triggered by sending a command that contains multiple asterik characters, such as the following command:

dir ***********************************************z

Impact:   A remote authenticated user can cause excessive CPU consumption on the target system, potentially causing the system to become unresponsive.
Solution:   Gentoo has released a fix and indicates that all Samba users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-fs/samba-3.0.8"

Vendor URL:  www.samba.org/ (Links to External Site)
Cause:   Input validation error, State error
Underlying OS:  Linux (Gentoo)

Message History:   This archive entry is a follow-up to the message listed below.
Nov 8 2004 Samba Input Validation Error in ms_fnmatch() Lets Remote Authenticated Users Deny Service



 Source Message Contents

Subject:  [gentoo-announce] [ GLSA 200411-21 ] Samba: Remote Denial of Service


This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig3E912B54C8651299A0963493
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200411-21
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Samba: Remote Denial of Service
      Date: November 11, 2004
      Bugs: #70429
        ID: 200411-21

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

An input validation flaw in Samba may allow a remote attacker to cause
a Denial of Service by excessive consumption of CPU cycles.

Background
==========

Samba is a freely available SMB/CIFS implementation which allows
seamless interoperability of file and print services to other SMB/CIFS
clients.

Affected packages
=================

    -------------------------------------------------------------------
     Package       /  Vulnerable  /                         Unaffected
    -------------------------------------------------------------------
  1  net-fs/samba       < 3.0.8                               >= 3.0.8
                                                                 < 3.0

Description
===========

An input validation flaw exists in ms_fnmatch.c when matching filenames
that contain wildcards.

Impact
======

A remote attacker may be able to cause an abnormal consumption of CPU
resources, resulting in slower performance of the server or even a
Denial of Service.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Samba users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-fs/samba-3.0.8"

References
==========

  [ 1 ] Samba Security Announcement
        http://www.samba.org/samba/security/CAN-2004-0930.html
  [ 2 ] CAN-2004-0930
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0930

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200411-21.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2004 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

--------------enig3E912B54C8651299A0963493
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)

iD8DBQFBk9SLGc/RGrFqUYMRAgJyAJsGRS74IGnLPxTvDul4BRNNuvm1gACfZrge
DGNm4NGyHRUBah9WKxvaqPA=
=vcv6
-----END PGP SIGNATURE-----

--------------enig3E912B54C8651299A0963493--

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC