Subject:           Potential Buffer Overrun in smbd
CVE #:             CAN-2004-0686
Affected Versions: Samba 3.0.x <= 3.0.4

Description
-----------

A buffer overrun has been located in the code used to support
the 'mangling method = hash' smb.conf option.  Please be aware
that the default setting for this parameter is
'mangling method = hash2' and is therefore not vulnerable.

Affected Samba 3 installations can avoid this possible security
bug by using the default hash2 mangling method.  Server
installations requiring the hash mangling method are encouraged
to upgrade to Samba 3.0.5.

Protecting Unpatched Servers
----------------------------

The Samba Team always encourages users to run the latest stable
release as a defense against attacks.  However, under certain
circumstances it may not be possible to immediately upgrade
important installations.  In such cases, administrators should
read the "Server Security" documentation found at
http://www.samba.org/samba/docs/server_security.html.

Credits
-------

This defect was located by Samba developers during a routine
code audit.

-- Our Code, Our Bugs, Our Responsibility.
-- The Samba Team
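
A configuration check for the exposure condition described above, written in Python as an added example (not part of the advisory and not Samba code): it reports whether an smb.conf sets the global 'mangling method' to hash. The helper names and sample configurations are constructed for illustration; the parser does not follow include directives, and the result only matters on the affected versions (Samba 3.0.x <= 3.0.4).

```python
import re

VULNERABLE = "hash"  # per the advisory; the default "hash2" is not affected

def _norm(name):
    # smb.conf section/parameter names ignore case and whitespace
    return re.sub(r"\s+", "", name).lower()

def mangling_method(conf_text, default="hash2"):
    """Return the effective global 'mangling method' (hypothetical helper)."""
    # Assumption: parameters before any section header count as [global].
    value, section, pending = default, "global", ""
    for raw in conf_text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):  # trailing backslash continues the line
            pending = line[:-1]
            continue
        if not line or line[0] in "#;":  # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = _norm(line[1:-1])
            continue
        key, sep, val = line.partition("=")  # only the first '=' matters
        if sep and section == "global" and _norm(key) == "manglingmethod":
            value = val.strip().lower()  # assumption: value is case-insensitive
    return value

def is_exposed(conf_text):
    """True when the config selects the mangling method the advisory names."""
    return mangling_method(conf_text) == VULNERABLE

# Constructed sample configurations, not taken from the advisory
SAMPLE_EXPOSED = """\
[Global]
   workgroup = EXAMPLE
   Mangling  Method = Hash
[share]
   path = /srv/share
"""
SAMPLE_DEFAULT = """\
[global]
   workgroup = EXAMPLE
   ; mangling method = hash
"""

if __name__ == "__main__":
    for name, text in (("exposed", SAMPLE_EXPOSED), ("default", SAMPLE_DEFAULT)):
        print(name, mangling_method(text), is_exposed(text))
```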