Date: Tue, 26 Oct 2010 22:38:03 +0100 (BST) From: Thomas Sandford <freebsduser@paradisegreen.co.uk> To: FreeBSD-gnats-submit@FreeBSD.org Cc: secteam@FreeBSD.org Subject: ports/151764: vuxml update for security vulnerability: ports:samba Message-ID: <201010262138.o9QLc383032492@miriam.paradisegreen.co.uk> Resent-Message-ID: <201010262220.o9QMK6Rc018042@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 151764
>Category: ports
>Synopsis: vuxml update for security vulnerability: ports:samba
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Tue Oct 26 22:20:06 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator: Thomas Sandford
>Release: FreeBSD 8.1-RELEASE i386
>Organization:
>Environment:
System: FreeBSD miriam.paradisegreen.co.uk 8.1-RELEASE FreeBSD 8.1-RELEASE #0: Mon Jul 19 02:55:53 UTC 2010 root@almeida.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386
>Description:
vuxml entry for CVE-2010-3069 affecting all versions of samba
prior to 2010-09-14.
Note that this means that all the recently removed old samba ports
will be marked as vulnerable.
>How-To-Repeat:
>Fix:
Proposed vuxml entry attached
--- vuln.xml.patch1 begins here ---
--- vuln.xml.old 2010-10-26 22:03:56.000000000 +0100
+++ vuln.xml 2010-10-26 22:22:48.000000000 +0100
@@ -34,6 +34,35 @@
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">;
+ <vuln vid="e35764c6-7b6c-4214-a74f-e7c68090a3f9">
+ <topic>Samba -- Buffer Overrun Vulnerability</topic>
+ <affects>
+ <package>
+ <name>samba</name>
+ <name>samba3</name>
+ <name>ja-samba</name>
+ <range><lt>3.4.9,1</lt></range>
+ <range><ge>3.5.0,1</ge><lt>3.5.5,1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">;
+ <p>Vendor reports:</p>
+ <blockquote cite="http://www.samba.org/samba/security/CVE-2010-3069.html">;
+ <p>Affected versions of Samba are vulnerable to a buffer overrun vulnerability. The sid_parse function and related dom_sid_parse function in the source4 code do not correctly check their input lengths when reading a binary representation of a Windows SID Security ID. This allows a malicious client to send a sid that can overflow the stack variable that is being used to store the SID in the Samba smbd server.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2010-3069</cvename>
+ <url>http://www.samba.org/samba/security/CVE-2010-3069.html</url>;
+ </references>
+ <dates>
+ <discovery>2010-09-14</discovery>
+ <entry>2010-10-26</entry>
+ </dates>
+ </vuln>
+
<vuln vid="aab187d4-e0f3-11df-b1ea-001999392805">
<topic>opera -- multiple vulnerabilities</topic>
<affects>
--- vuln.xml.patch1 ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201010262138.o9QLc383032492>