From owner-svn-ports-head@FreeBSD.ORG Fri Aug 9 17:22:17 2013 Return-Path: Delivered-To: svn-ports-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id 8F2E5649; Fri, 9 Aug 2013 17:22:17 +0000 (UTC) (envelope-from delphij@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 630E7254E; Fri, 9 Aug 2013 17:22:17 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.7/8.14.7) with ESMTP id r79HMH3T039168; Fri, 9 Aug 2013 17:22:17 GMT (envelope-from delphij@svn.freebsd.org) Received: (from delphij@localhost) by svn.freebsd.org (8.14.7/8.14.5/Submit) id r79HMHjL039167; Fri, 9 Aug 2013 17:22:17 GMT (envelope-from delphij@svn.freebsd.org) Message-Id: <201308091722.r79HMHjL039167@svn.freebsd.org> From: Xin LI Date: Fri, 9 Aug 2013 17:22:17 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r324452 - head/security/vuxml X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-head@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: SVN commit messages for the ports tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 09 Aug 2013 17:22:17 -0000 Author: delphij Date: Fri Aug 9 17:22:16 2013 New Revision: 324452 URL: http://svnweb.freebsd.org/changeset/ports/324452 Log: Document Samba DoS vulnerability. Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Fri Aug 9 17:19:49 2013 (r324451) +++ head/security/vuxml/vuln.xml Fri Aug 9 17:22:16 2013 (r324452) @@ -51,6 +51,49 @@ Note: Please add new entries to the beg --> + + samba -- denial of service vulnerability + + + samba34 + 0 + + + samba35 + 0 + + + samba36 + 3.6.*3.6.17 + + + samba4 + 4.0.*4.0.8 + + + + +

The Samba project reports:

+
+

All current released versions of Samba are vulnerable to + a denial of service on an authenticated or guest connection. + A malformed packet can cause the smbd server to loop the CPU + performing memory allocations and preventing any further service.

+

A connection to a file share, or a local account is needed + to exploit this problem, either authenticated or unauthenticated + if guest connections are allowed.

+
+ + + + CVE-2013-4124 + + + 2013-08-05 + 2013-08-09 + + + mozilla -- multiple vulnerabilities