SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com





Category:   Application (File Transfer/Sharing)  >   Samba CIFS Vendors:   Samba.org
Samba smbd Memory Limit Error in make_connection() Lets Remote Users Deny Service
SecurityTracker Alert ID:  1016459
SecurityTracker URL:  http://securitytracker.com/id/1016459
CVE Reference:   CVE-2006-3403   (Links to External Site)
Date:  Jul 10 2006
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 3.0.1 - 3.0.22
Description:   A vulnerability was reported in Samba. A remote user can cause denial of service conditions.

In certain situations, a remote user can send a large number of share connection requests to cause the target smbd service to continually increase memory usage.

The vulnerability resides in the make_connection() function in 'smbd/service.c'.

The Samba Team discovered this vulnerability during an internal security audit.
Impact:   A remote user can cause denial of service conditions.
Solution:   The vendor has issued a fixed version (3.0.23). Also, the vendor has issued a patch, available at:

http://www.samba.org/samba/ftp/patches/security/samba-3.0-CAN-2006-3403.patch

The vendor's advisory is available at:

http://www.samba.org/samba/security/CAN-2006-3403.html
Vendor URL:  www.samba.org/samba/security/CAN-2006-3403.html (Links to External Site)
Cause:   State error
Underlying OS:   Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Jul 25 2006 (Red Hat Issues Fix) Samba smbd Memory Limit Error in make_connection() Lets Remote Users Deny Service   (bugzilla@redhat.com)
Red Hat has released a fix for Red Hat Enterprise Linux 2.1, 3, and 4.
Nov 29 2006 (Apple Issues Fix) Samba smbd Memory Limit Error in make_connection() Lets Remote Users Deny Service   (Apple Product Security <product-security-noreply@lists.apple.com>)
Apple has released a fix for Mac OS X.


 Source Message Contents
Date:  Mon, 10 Jul 2006 16:05:00 -0500
Subject:  [ANNOUNCEMENT] Samba 3.0.1 - 3.0.22: memory exhaustion DoS against

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

==========================================================
==
== Subject:     Memory exhaustion DoS against smbd
== CVE ID#:     CAN-2006-1059
==
== Versions:    Samba Samba 3.0.1 - 3.0.22 (inclusive)
==
== Summary:     smbd may allow internal structures
==              maintaining state for share connections
==              to grow unbounded.
==
==========================================================


===========
Description
===========

The smbd daemon maintains internal data structures used track
active connections to file and printer shares.  In certain
circumstances an attacker may be able to continually increase
the memory usage of an smbd process by issuing a large number
of share connection requests.  This defect affects all Samba
configurations.



==================
Patch Availability
==================

A patch for Samba 3.0.1 - 3.0.22 has been posted at
http://www.samba.org/samba/security/.

Guidelines for securing Samba hosts are listed at
http://www.samba.org/docs/server_security.html


=======
Credits
=======

This security issue discovered during an internal security
audit of the Samba source code by the Samba Team.


==========================================================
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
==========================================================
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org

iD8DBQFEssD8IR7qMdg1EfYRApZgAJ0TgElO/8CofcdUD9U7sbhvEVJdYgCgo41t
OtSz6FWliXOQwhwsacXOwN4=
=LALn
-----END PGP SIGNATURE-----


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us

Copyright 2012, SecurityGlobal.net LLC