| commit | c3ad6eb506623435d3d9ce62d6f34ed1c960d4be | |
| author | Jeremy Allison <jra@samba.org> | |
| Sun, 27 Feb 2011 16:58:06 +0000 (27 17:58 +0100) | ||
| committer | Karolin Seeger <kseeger@samba.org> | |
| Sun, 27 Feb 2011 17:00:09 +0000 (27 18:00 +0100) | ||
| tree | 243604df916ab59382f7ffce9f485f3773e96bbc | treesnapshot (tar.gz zip) |
| parent | 01a15b10d185fcb3be6ceaf29fd0b70a5b0c98fd | commitdiff |
Fix denial of service - memory corruption.
CVE-2011-0719
Fix bug #7949 (DoS in Winbind and smbd with many file descriptors open).
All current released versions of Samba are vulnerable to
a denial of service caused by memory corruption. Range
checks on file descriptors being used in the FD_SET macro
were not present allowing stack corruption. This can cause
the Samba code to crash or to loop attempting to select
on a bad file descriptor set.
A connection to a file share, or a local account is needed
to exploit this problem, either authenticated or unauthenticated
(guest connection).
Currently we do not believe this flaw is exploitable
beyond a crash or causing the code to loop, but on the
advice of our security reviewers we are releasing fixes
in case an exploit is discovered at a later date.
CVE-2011-0719
Fix bug #7949 (DoS in Winbind and smbd with many file descriptors open).
All current released versions of Samba are vulnerable to
a denial of service caused by memory corruption. Range
checks on file descriptors being used in the FD_SET macro
were not present allowing stack corruption. This can cause
the Samba code to crash or to loop attempting to select
on a bad file descriptor set.
A connection to a file share, or a local account is needed
to exploit this problem, either authenticated or unauthenticated
(guest connection).
Currently we do not believe this flaw is exploitable
beyond a crash or causing the code to loop, but on the
advice of our security reviewers we are releasing fixes
in case an exploit is discovered at a later date.
17 files changed: