-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ========================================================== == == Subject: Memory exhaustion DoS against smbd == CVE ID#: CAN-2006-1059 == == Versions: Samba Samba 3.0.1 - 3.0.22 (inclusive) == == Summary: smbd may allow internal structures == maintaining state for share connections == to grow unbounded. == ==========================================================
=========== Description =========== The smbd daemon maintains internal data structures used track active connections to file and printer shares. In certain circumstances an attacker may be able to continually increase the memory usage of an smbd process by issuing a large number of share connection requests. This defect affects all Samba configurations. ================== Patch Availability ================== A patch for Samba 3.0.1 - 3.0.22 has been posted at http://www.samba.org/samba/security/. Guidelines for securing Samba hosts are listed at http://www.samba.org/docs/server_security.html ======= Credits ======= This security issue discovered during an internal security audit of the Samba source code by the Samba Team. ========================================================== == Our Code, Our Bugs, Our Responsibility. == The Samba Team ========================================================== -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFEsraWIR7qMdg1EfYRAgGgAJwKuXUvw0lOs3fkNwR4qJ65fZMOrACgtuTS M65Y4TJbTWo46oSFuHc4LXE= =CZLB -----END PGP SIGNATURE----- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba