Quoting Geoff Crompton ([EMAIL PROTECTED]):
> Package: samba
> Version: 3.0.14a-3sarge1
> Severity: grave
>
> Samba have announced http://www.samba.org/samba/security/CAN-2006-3403.html,
> and have a patch available. It affects all samba configurations, hence I
> consider this grave.
> I wouldn't be surprised if the security team is already aware of this.

It is. I tested a compile of the current sarge package to which I added the
patch provided by upstream (attached) but it failed:

Compiling lib/util.c
lib/util.c:2447: error: redefinition of `data_path'
lib/util.c:2392: error: `data_path' previously defined here
lib/util.c:2457: error: redefinition of `state_path'
lib/util.c:2402: error: `state_path' previously defined here
lib/util.c:2477: error: redefinition of `cache_path'
lib/util.c:2422: error: `cache_path' previously defined here
make[1]: *** [lib/util.o] Erreur 1
make[1]: Leaving directory `/home/bubulle/src/debian/samba/samba-3.0.14a/source'
make: *** [build-stamp] Erreur 2

Index: samba-3.0.14a/source/smbd/service.c =================================================================== --- samba-3.0.14a/source/smbd/service.c (revision 16676) +++ samba-3.0.14a/source/smbd/service.c (working copy) @@ -763,6 +763,11 @@ smb_panic("make_connection: PANIC ERROR. Called as nonroot\n"); } + if (conn_num_open() > 2047) { + *status = NT_STATUS_INSUFF_SERVER_RESOURCES; + return NULL; + } + if(lp_security() != SEC_SHARE) { vuser = get_valid_user_struct(vuid); if (!vuser) {
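
Review bot: the connection cap in the added `if (conn_num_open() > 2047)` test is an unexplained literal; define it as a named constant (or a configurable limit) with a comment stating why the ceiling exists, so the bound can be audited and adjusted in one place. The early return also sets NT_STATUS_INSUFF_SERVER_RESOURCES without logging anything, so an operator has no trace when clients are refused at the cap; a DEBUG line before `return NULL;` would make that visible. Separately, the redefinition errors reported above are in lib/util.c, which this hunk does not touch, so they need to be tracked down elsewhere in the build tree rather than in this change.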