Samba 3.5.5, 3.4.9, 3.3.14 Security Releases

Security
Samba 3.5.5, 3.4.9, 3.3.14 Security Releases

EcusE 2010. 9. 15. 16:42


o  CVE-2010-3069:
   All current released versions of Samba are vulnerable to
   a buffer overrun vulnerability. The sid_parse() function
   (and related dom_sid_parse() function in the source4 code)
   do not correctly check their input lengths when reading a
   binary representation of a Windows SID (Security ID). This
   allows a malicious client to send a sid that can overflow
   the stack variable that is being used to store the SID in the
   Samba smbd server.



CVE-2010-3069 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3069


================
Download Details
================

The uncompressed tarballs and patch files have been signed
using GnuPG (ID 6568B7EA).  The source code can be downloaded
from:

        http://download.samba.org/samba/ftp/

The release notes are available online at:

        http://www.samba.org/samba/ftp/history/samba-3.3.14.html
        http://www.samba.org/samba/ftp/history/samba-3.4.9.html
        http://www.samba.org/samba/ftp/history/samba-3.5.5.html

Binary packages will be made available on a volunteer basis from

        http://download.samba.org/samba/ftp/Binary_Packages/