===========================================================
== Subject:     Memory Corruption Vulnerability
==
== CVE ID#:     CVE-2010-2063
==
== Versions:    Samba 3.0.x - 3.3.12 (inclusive)
==
== Summary:     Samba 3.0.x to 3.3.12 are affected by a
==              memory corruption vulnerability.
==
===========================================================

===========
Description
===========

Samba versions 3.3.12 and all versions previous to this are affected
by a memory corruption vulnerability. Samba versions 3.4.0 and all
releases since this version are *NOT* affected by this problem. In
particular, the current stable Samba version 3.5.3 is *NOT* affected
by this problem.

Code dealing with the chaining of SMB1 packets did not correctly
validate an input field provided by the client, making it possible
for a specially crafted packet to crash the server or potentially
cause the server to execute arbitrary code.

This does not require an authenticated connection and so is the most
dangerous kind of vulnerability. All affected systems should be
patched as soon as possible.

==================
Patch Availability
==================

Patches addressing both these issues have been posted to:

    http://www.samba.org/samba/security/

Additionally, Samba 3.3.13 has been issued as a security release to
correct the defect. Patches against older Samba versions are
available at http://samba.org/samba/patches/. Samba administrators
running affected versions are advised to upgrade to 3.3.13 or apply
the patch as soon as possible.

==========
Workaround
==========

None.

=======
Credits
=======

This vulnerability and proof of concept code was provided by Jun Mao
of iDefense Labs (http://www.idefense.com). Patches were provided by
Jeremy Allison of the Samba team.

==========================================================
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
==========================================================
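
Added example (not part of the Samba advisory or the Samba code base): a shell check that classifies a Samba version string against the version ranges stated above. The function names are hypothetical, and the check assumes the version string reflects the code actually running; vendor packages that backport the patch keep an old version number, so an "affected" result there has to be confirmed against the vendor changelog.

```shell
#!/bin/sh
# Added example, not Samba project code. Function names are hypothetical.
# Ranges come from the advisory: 3.3.12 and earlier are affected,
# 3.3.13 carries the fix, 3.4.0 and later are not affected.

# Print "affected", "not-affected" or "unknown" for a version string such as
# "Version 3.0.28a", "3.3.12-2.el5" or "2:3.2.5-4lenny" (constructed samples).
cve_2010_2063_status() {
    v=${1#*:}    # drop a package epoch ("2:") if present
    # Extract the first major.minor.patch triple; letters and build suffixes
    # after the patch number are ignored.
    triple=$(printf '%s\n' "$v" | sed -n \
        's/^[^0-9]*\([0-9][0-9]*\)\.\([0-9][0-9]*\)\.\([0-9][0-9]*\).*$/\1 \2 \3/p')
    if [ -z "$triple" ]; then
        echo unknown
        return 0
    fi
    # Split the triple into $1 (major), $2 (minor), $3 (patch).
    set -- $triple
    if [ "$1" -lt 3 ]; then echo affected
    elif [ "$1" -gt 3 ]; then echo not-affected
    elif [ "$2" -lt 3 ]; then echo affected
    elif [ "$2" -gt 3 ]; then echo not-affected
    elif [ "$3" -le 12 ]; then echo affected
    else echo not-affected
    fi
}

# Classify the locally installed smbd, if there is one on PATH.
check_local_smbd() {
    if command -v smbd >/dev/null 2>&1; then
        cve_2010_2063_status "$(smbd -V)"
    else
        echo unknown
    fi
}
```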