Date: Tue, 26 Oct 2010 22:38:03 +0100 (BST) From: Thomas Sandford <freebsduser@paradisegreen.co.uk> To: FreeBSD-gnats-submit@FreeBSD.org Cc: secteam@FreeBSD.org Subject: ports/151764: vuxml update for security vulnerability: ports:samba Message-ID: <201010262138.o9QLc383032492@miriam.paradisegreen.co.uk> Resent-Message-ID: <201010262220.o9QMK6Rc018042@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 151764 >Category: ports >Synopsis: vuxml update for security vulnerability: ports:samba >Confidential: no >Severity: non-critical >Priority: medium >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: update >Submitter-Id: current-users >Arrival-Date: Tue Oct 26 22:20:06 UTC 2010 >Closed-Date: >Last-Modified: >Originator: Thomas Sandford >Release: FreeBSD 8.1-RELEASE i386 >Organization: >Environment: System: FreeBSD miriam.paradisegreen.co.uk 8.1-RELEASE FreeBSD 8.1-RELEASE #0: Mon Jul 19 02:55:53 UTC 2010 root@almeida.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386 >Description: vuxml entry for CVE-2010-3069 affecting all versions of samba prior to 2010-09-14. Note that this means that all the recently removed old samba ports will be marked as vulnerable. >How-To-Repeat: >Fix: Proposed vuxml entry attached --- vuln.xml.patch1 begins here --- --- vuln.xml.old 2010-10-26 22:03:56.000000000 +0100 +++ vuln.xml 2010-10-26 22:22:48.000000000 +0100 @@ -34,6 +34,35 @@ --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="e35764c6-7b6c-4214-a74f-e7c68090a3f9"> + <topic>Samba -- Buffer Overrun Vulnerability</topic> + <affects> + <package> + <name>samba</name> + <name>samba3</name> + <name>ja-samba</name> + <range><lt>3.4.9,1</lt></range> + <range><ge>3.5.0,1</ge><lt>3.5.5,1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Vendor reports:</p> + <blockquote cite="http://www.samba.org/samba/security/CVE-2010-3069.html"> + <p>Affected versions of Samba are vulnerable to a buffer overrun vulnerability. The sid_parse function and related dom_sid_parse function in the source4 code do not correctly check their input lengths when reading a binary representation of a Windows SID Security ID. This allows a malicious client to send a sid that can overflow the stack variable that is being used to store the SID in the Samba smbd server.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2010-3069</cvename> + <url>http://www.samba.org/samba/security/CVE-2010-3069.html</url> + </references> + <dates> + <discovery>2010-09-14</discovery> + <entry>2010-10-26</entry> + </dates> + </vuln> + <vuln vid="aab187d4-e0f3-11df-b1ea-001999392805"> <topic>opera -- multiple vulnerabilities</topic> <affects> --- vuln.xml.patch1 ends here --- >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201010262138.o9QLc383032492>