Package name
samba
Date
2010-07-27
Advisory ID
MDVSA-2010:141
Affected versions
2010.0 x86_64 , 2010.0 i586

Problem description

Multiple vulnerabilities has been discovered and corrected in samba:

The chain_reply function in process.c in smbd in Samba before 3.4.8 and
3.5.x before 3.5.2 allows remote attackers to cause a denial of service
(NULL pointer dereference and process crash) via a Negotiate Protocol
request with a certain 0x0003 field value followed by a Session Setup
AndX request with a certain 0x8003 field value (CVE-2010-1635).

The reply_sesssetup_and_X_spnego function in sesssetup.c in smbd in
Samba before 3.4.8 and 3.5.x before 3.5.2 allows remote attackers to
trigger an out-of-bounds read, and cause a denial of service (process
crash), via a \xff\xff security blob length in a Session Setup AndX
request (CVE-2010-1642).

The updated packages provides samba 3.4.8 which is not vulnerable to
these issues.

Updated packages

2010.0 x86_64

 dc3ea8121670006d7f6cf03e55bc6847  2010.0/x86_64/lib64netapi0-3.4.8-0.1mdv2010.0.x86_64.rpm
 667c0a292b645a34e0ef69f868b50c1e  2010.0/x86_64/lib64netapi-devel-3.4.8-0.1mdv2010.0.x86_64.rpm
 86867f07f941e401d729da99db8999c7  2010.0/x86_64/lib64smbclient0-3.4.8-0.1mdv2010.0.x86_64.rpm
 4bf349bed200e12b58a7b770bb380a4d  2010.0/x86_64/lib64smbclient0-devel-3.4.8-0.1mdv2010.0.x86_64.rpm
 166403ad036554045969d15c5d7930ce  2010.0/x86_64/lib64smbclient0-static-devel-3.4.8-0.1mdv2010.0.x86_64.rpm
 a27c18efe52f8bd84e3c9fe0397330f5  2010.0/x86_64/lib64smbsharemodes0-3.4.8-0.1mdv2010.0.x86_64.rpm
 321fb245fffeaf5eb51a2374a98d82aa  2010.0/x86_64/lib64smbsharemodes-devel-3.4.8-0.1mdv2010.0.x86_64.rpm
 5c2e728292c68ba9e2792243884aec1e  2010.0/x86_64/lib64wbclient0-3.4.8-0.1mdv2010.0.x86_64.rpm
 2592b742d650311a8e41c424108fea35  2010.0/x86_64/lib64wbclient-devel-3.4.8-0.1mdv2010.0.x86_64.rpm
 24aba98967dc4d1344761042c3f690b8  2010.0/x86_64/mount-cifs-3.4.8-0.1mdv2010.0.x86_64.rpm
 6ee9b8449e0f3098c97ee3375b4ac1fa  2010.0/x86_64/nss_wins-3.4.8-0.1mdv2010.0.x86_64.rpm
 8d965d364efd1811663942e994177613  2010.0/x86_64/samba-client-3.4.8-0.1mdv2010.0.x86_64.rpm
 7b12626da40ff3a0d99af999b4025031  2010.0/x86_64/samba-common-3.4.8-0.1mdv2010.0.x86_64.rpm
 d85b87de309397eaef937367f692a162  2010.0/x86_64/samba-doc-3.4.8-0.1mdv2010.0.x86_64.rpm
 2072d71d0788f78ae0fbaee6c8d6ffcb  2010.0/x86_64/samba-server-3.4.8-0.1mdv2010.0.x86_64.rpm
 88efc944e7a50f88c461fc8396680a71  2010.0/x86_64/samba-swat-3.4.8-0.1mdv2010.0.x86_64.rpm
 e1cdabf9142b48ec1d4573162d48cdf1  2010.0/x86_64/samba-winbind-3.4.8-0.1mdv2010.0.x86_64.rpm 
 108c4366915b69a5d16cf9e550c1a07c  2010.0/SRPMS/samba-3.4.8-0.1mdv2010.0.src.rpm

2010.0 i586

 7448da14d3cd38e46ef194ce171215c4  2010.0/i586/libnetapi0-3.4.8-0.1mdv2010.0.i586.rpm
 06c3fc5e7c685893a18fc6f4d8a2922a  2010.0/i586/libnetapi-devel-3.4.8-0.1mdv2010.0.i586.rpm
 68ab1439a074c1f8d4662d9ee5799076  2010.0/i586/libsmbclient0-3.4.8-0.1mdv2010.0.i586.rpm
 a10ab609798c947213f372c19b325dd5  2010.0/i586/libsmbclient0-devel-3.4.8-0.1mdv2010.0.i586.rpm
 009d6e6bd9f84f9cee5b07930425b955  2010.0/i586/libsmbclient0-static-devel-3.4.8-0.1mdv2010.0.i586.rpm
 0e1188b9bae8a6cfee48a6a1e09551f1  2010.0/i586/libsmbsharemodes0-3.4.8-0.1mdv2010.0.i586.rpm
 309d86578c162b1df920f63f8c557b43  2010.0/i586/libsmbsharemodes-devel-3.4.8-0.1mdv2010.0.i586.rpm
 ba544bd939276b14d73b3b2101b754dc  2010.0/i586/libwbclient0-3.4.8-0.1mdv2010.0.i586.rpm
 d2441a3fbabd411a0b10dc3de9e0b1ab  2010.0/i586/libwbclient-devel-3.4.8-0.1mdv2010.0.i586.rpm
 ed856faed4546f7984a5b97fd56e8a1c  2010.0/i586/mount-cifs-3.4.8-0.1mdv2010.0.i586.rpm
 81983af0fd7c6d5ac2eaba11ff56039e  2010.0/i586/nss_wins-3.4.8-0.1mdv2010.0.i586.rpm
 d9e710c53bd905be68601fd3f72e1624  2010.0/i586/samba-client-3.4.8-0.1mdv2010.0.i586.rpm
 99097a7153e6694bd94d078c31de0cb4  2010.0/i586/samba-common-3.4.8-0.1mdv2010.0.i586.rpm
 dfa4a8a6ed149ca3cf1aa5af62b517fe  2010.0/i586/samba-doc-3.4.8-0.1mdv2010.0.i586.rpm
 77d65fb7fed8dad1f23863df8e90d810  2010.0/i586/samba-server-3.4.8-0.1mdv2010.0.i586.rpm
 dd3e5136d2e9955c15273eafe0a68285  2010.0/i586/samba-swat-3.4.8-0.1mdv2010.0.i586.rpm
 b77cad772f69755e270076bc9bce9e85  2010.0/i586/samba-winbind-3.4.8-0.1mdv2010.0.i586.rpm 
 108c4366915b69a5d16cf9e550c1a07c  2010.0/SRPMS/samba-3.4.8-0.1mdv2010.0.src.rpm

References