Date: Sun, 11 Feb 2007 14:40:24 GMT From: KOMATSU Shinichiro<koma2@lovepeers.org> To: freebsd-gnats-submit@FreeBSD.org Subject: ports/109049: security/vuxml: Add the entry of samba vulnerabilities fixed in samba-3.0.24, 1 Message-ID: <200702111440.l1BEeOE2024690@www.freebsd.org> Resent-Message-ID: <200702111450.l1BEo4C4012131@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 109049 >Category: ports >Synopsis: security/vuxml: Add the entry of samba vulnerabilities fixed in samba-3.0.24,1 >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: update >Submitter-Id: current-users >Arrival-Date: Sun Feb 11 14:50:03 GMT 2007 >Closed-Date: >Last-Modified: >Originator: KOMATSU Shinichiro >Release: FreeBSD 6.2-RELEASE i386 >Organization: >Environment: FreeBSD 6.2-RELEASE i386 >Description: Three vulnerabilities were fixed (one of which does not affect FreeBSD, thought) in samba-3.0.24,1 and ja-samba-3.0.24,1, but they are not documented in VuXML. >How-To-Repeat: >Fix: Patch attached with submission follows: Index: security/vuxml/vuln.xml =================================================================== RCS file: /home/ncvs/ports/security/vuxml/vuln.xml,v retrieving revision 1.1270 diff -u -r1.1270 vuln.xml --- security/vuxml/vuln.xml 17 Jan 2007 22:17:49 -0000 1.1270 +++ security/vuxml/vuln.xml 11 Feb 2007 12:56:18 -0000 @@ -34,6 +34,79 @@ --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="f235fe7a-b9ca-11db-bf0f-0013720b182d"> + <topic>samba -- potential Denial of Service bug in smbd</topic> + <affects> + <package> + <name>samba</name> + <name>ja-samba</name> + <range><ge>3.0.6,1</ge><lt>3.0.24,1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The Samba Team reports:</p> + <blockquote cite="http://www.samba.org/samba/security/CVE-2007-0452.html"> + <p>Internally Samba's file server daemon, smbd, implements + support for deferred file open calls in an attempt to serve + client requests that would otherwise fail due to a share mode + violation. When renaming a file under certain circumstances + it is possible that the request is never removed from the deferred + open queue. smbd will then become stuck is a loop trying to + service the open request.</p> + <p>This bug may allow an authenticated user to exhaust resources + such as memory and CPU on the server by opening multiple CIFS + sessions, each of which will normally spawn a new smbd process, + and sending each connection into an infinite loop.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2007-0452</cvename> + <url>http://www.samba.org/samba/security/CVE-2007-0452.html</url> + </references> + <dates> + <discovery>2007-02-05</discovery> + <entry>2007-02-11</entry> + </dates> + </vuln> + + <vuln vid="57ae52f7-b9cc-11db-bf0f-0013720b182d"> + <topic>samba -- format string bug in afsacl.so VFS plugin</topic> + <affects> + <package> + <name>samba</name> + <name>ja-samba</name> + <range><ge>3.0.6,1</ge><lt>3.0.24,1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The Samba Team reports:</p> + <blockquote cite="http://www.samba.org/samba/security/CVE-2007-0454.html"> + <p>NOTE: This security advisory only impacts Samba servers + that share AFS file systems to CIFS clients and which have + been explicitly instructed in smb.conf to load the afsacl.so + VFS module.</p> + <p>The source defect results in the name of a file stored on + disk being used as the format string in a call to snprintf(). + This bug becomes exploitable only when a user is able + to write to a share which utilizes Samba's afsacl.so library + for setting Windows NT access control lists on files residing + on an AFS file system.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2007-0454</cvename> + <url>http://www.samba.org/samba/security/CVE-2007-0454.html</url> + </references> + <dates> + <discovery>2007-02-05</discovery> + <entry>2007-02-11</entry> + </dates> + </vuln> + <vuln vid="7bb127c1-a5aa-11db-9ddc-0011098b2f36"> <topic>joomla -- multiple remote vulnerabilities</topic> <affects> >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200702111440.l1BEeOE2024690>