CVE-2010-2063:

===========================================================
== Subject:     Memory Corruption Vulnerability
==
== CVE ID#:     CVE-2010-2063
==
== Versions:    Samba 3.0.x - 3.3.12 (inclusive)
==
== Summary:     Samba 3.0.x to 3.3.12 are affected by a
==              memory corruption vulnerability.
==
===========================================================

===========
Description
===========

Samba versions 3.3.12 and all versions previous to this are affected
by a memory corruption vulnerability. Samba versions 3.4.0 and all
releases since this version are *NOT* affected by this problem. In
particular, the current stable Samba version 3.5.3 is *NOT* affected
by this problem.

Code dealing with the chaining of SMB1 packets did not correctly
validate an input field provided by the client, making it possible
for a specially crafted packet to crash the server or potentially
cause the server to execute arbitrary code.

This does not require an authenticated connection and so is the
most dangerous kind of vulnerability. All affected systems should
be patched as soon as possible.
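
An illustration of the kind of validation the chaining paragraph above calls for. It is added here and is not taken from Samba or its patch. The advisory does not name the field, so this sketch assumes it is the AndXOffset of a chained (AndX) SMB1 command; `next_chained` and `check_sample` are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SMB_HDR_LEN 32    /* fixed SMB1 header size */
#define ANDX_NONE   0xFF  /* AndXCommand value: no further command */
enum chain_status { CHAIN_INVALID = -1, CHAIN_END = 0, CHAIN_NEXT = 1 };

/* buf/len: one SMB1 message from the SMB header on; cur: offset of the current
 * command's WordCount byte. On CHAIN_NEXT, *next is the validated next offset. */
enum chain_status next_chained(const uint8_t *buf, size_t len,
                               size_t cur, size_t *next)
{
    if (cur < SMB_HDR_LEN || cur >= len || len - cur < 5 || buf[cur] < 2)
        return CHAIN_INVALID;   /* AndX fields absent or outside the buffer */
    if (buf[cur + 1] == ANDX_NONE)
        return CHAIN_END;
    /* Client-controlled 16-bit little-endian offset from the SMB header. */
    size_t off = (size_t)buf[cur + 3] | ((size_t)buf[cur + 4] << 8);
    /* End of this command's WordCount, parameter words and ByteCount field. */
    size_t min_next = cur + 1 + 2 * (size_t)buf[cur] + 2;

    if (off < min_next || off >= len)
        return CHAIN_INVALID;   /* backwards, overlapping, or past the end */
    if (len - off < 1 + 2 * (size_t)buf[off] + 2)
        return CHAIN_INVALID;   /* next command's words do not fit */
    *next = off;
    return CHAIN_NEXT;
}

/* Constructed sample (not captured traffic): header plus one AndX command with
 * WordCount 2, the given AndXCommand and AndXOffset, in msg_len bytes. */
int check_sample(uint8_t andx_cmd, uint16_t andx_off, size_t msg_len)
{
    uint8_t buf[128] = {0};
    size_t next = 0;
    if (msg_len > sizeof buf) return CHAIN_INVALID;
    buf[32] = 2;
    buf[33] = andx_cmd;
    buf[35] = (uint8_t)(andx_off & 0xFF);
    buf[36] = (uint8_t)(andx_off >> 8);
    return next_chained(buf, msg_len, SMB_HDR_LEN, &next);
}

int main(void)
{
    printf("%d %d\n", check_sample(0x2E, 39, 64), check_sample(0x2E, 0x4000, 64));
    return 0;
}
```

The offset is compared against the received length before it is used as an index, so no pointer into the buffer is ever derived from an unchecked client value.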

==================
Patch Availability
==================

Patches addressing this issue have been posted to:

    http://www.samba.org/samba/security/

Additionally, Samba 3.3.13 has been issued as a security release to correct
the defect. Patches against older Samba versions are available at
http://samba.org/samba/patches/. Samba administrators running affected
versions are advised to upgrade to 3.3.13 or apply the patch as soon
as possible.


==========
Workaround
==========

None.

=======
Credits
=======

This vulnerability and proof-of-concept code were provided by
Jun Mao of iDefense Labs (http://www.idefense.com).

Patches were provided by Jeremy Allison of the Samba team.

==========================================================
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
==========================================================