SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (File Transfer/Sharing)  >   Samba Vendors:   Samba.org
Samba smbd Memory Limit Error in make_connection() Lets Remote Users Deny Service
SecurityTracker Alert ID:  1016459
SecurityTracker URL:  http://securitytracker.com/id/1016459
CVE Reference:   CVE-2006-3403   (Links to External Site)
Date:  Jul 10 2006
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 3.0.1 - 3.0.22
Description:   A vulnerability was reported in Samba. A remote user can cause denial of service conditions.

In certain situations, a remote user can send a large number of share connection requests to cause the target smbd service to continually increase memory usage.

The vulnerability resides in the make_connection() function in 'smbd/service.c'.

The Samba Team discovered this vulnerability during an internal security audit.

Impact:   A remote user can cause denial of service conditions.
Solution:   The vendor has issued a fixed version (3.0.23). Also, the vendor has issued a patch, available at:

http://www.samba.org/samba/ftp/patches/security/samba-3.0-CVE-2006-3403.patch

The vendor's advisory is available at:

http://www.samba.org/samba/security/CVE-2006-3403.html

Vendor URL:  www.samba.org/samba/security/CVE-2006-3403.html (Links to External Site)
Cause:   State error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Jul 25 2006 (Red Hat Issues Fix) Samba smbd Memory Limit Error in make_connection() Lets Remote Users Deny Service
Red Hat has released a fix for Red Hat Enterprise Linux 2.1, 3, and 4.
Nov 29 2006 (Apple Issues Fix) Samba smbd Memory Limit Error in make_connection() Lets Remote Users Deny Service
Apple has released a fix for Mac OS X.



 Source Message Contents

Subject:  [ANNOUNCEMENT] Samba 3.0.1 - 3.0.22: memory exhaustion DoS against

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

==========================================================
==
== Subject:     Memory exhaustion DoS against smbd
== CVE ID#:     CAN-2006-1059
==
== Versions:    Samba Samba 3.0.1 - 3.0.22 (inclusive)
==
== Summary:     smbd may allow internal structures
==              maintaining state for share connections
==              to grow unbounded.
==
==========================================================


===========
Description
===========

The smbd daemon maintains internal data structures used track
active connections to file and printer shares.  In certain
circumstances an attacker may be able to continually increase
the memory usage of an smbd process by issuing a large number
of share connection requests.  This defect affects all Samba
configurations.



==================
Patch Availability
==================

A patch for Samba 3.0.1 - 3.0.22 has been posted at
http://www.samba.org/samba/security/.

Guidelines for securing Samba hosts are listed at
http://www.samba.org/docs/server_security.html


=======
Credits
=======

This security issue discovered during an internal security
audit of the Samba source code by the Samba Team.


==========================================================
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
==========================================================
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org

iD8DBQFEssD8IR7qMdg1EfYRApZgAJ0TgElO/8CofcdUD9U7sbhvEVJdYgCgo41t
OtSz6FWliXOQwhwsacXOwN4=
=LALn
-----END PGP SIGNATURE-----

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC