|
|
|
|
| |
Credit:
The information has been provided by Volker Lendecke of SerNet..
The original article can be found at: http://www.samba.org/samba/security/CVE-2011-0719.html
|
| |
Vulnerable Systems:
* Samba Samba 3.5.7 and prior
An attacker can exploit this issue to crash the application or cause the application to enter an infinite loop. Due to the nature of this issue, arbitrary code execution may be possible; this has not been confirmed. All current released versions of Samba are vulnerable to a denial of service caused by memory corruption. Range checks on file descriptors being used in the FD_SET macro were not present allowing stack corruption. This can cause the Samba code to crash or to loop attempting to select on a bad file descriptor set.
A connection to a file share, or a local account is needed to exploit this problem, either authenticated or unauthenticated (guest connection).
Currently we do not believe this flaw is exploitable beyond a crash or causing the code to loop, but on the advice of our security reviewers we are releasing fixes in case an exploit is discovered at a later date.
Patch Availability:
http://www.samba.org/samba/security/
CVE Information:
CVE-2011-0719
Disclosure Timeline:
Published: Feb 28 2011 12:00AM
Updated: Oct 17 2012 10:50AM
|
|
|
|
|
