On Fri, Mar 04, 2011 at 10:26:50AM +0300, Alexander wrote: > > Samba 3.5.7, 3.4.12 and 3.3.15 are security releases in order to > > address CVE-2011-0719. > > > > o CVE-2011-0719: > > All current released versions of Samba are vulnerable to > > a denial of service caused by memory corruption. Range > > checks on file descriptors being used in the FD_SET macro > > were not present allowing stack corruption. This can cause > > the Samba code to crash or to loop attempting to select > > on a bad file descriptor set. > > Hello dear Samba team, > > Could you please clarify one thing here - does that DoS/loop happen > with _only_ smbd serving that malicious client, or that would crash > the whole Samba service?
It will affect the smbd doing the service only. But under heavy load it can also affect winbind. With best regards, Volker Lendecke -- SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen phone: +49-551-370000-0, fax: +49-551-370000-9 AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
