diff options
author | Jeremy Allison <jra@samba.org> | 2011-02-27 18:16:20 +0100 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2011-02-27 18:16:20 +0100 |
commit | 43babef991feedbe2acb77d27254d302ab107fa8 (patch) | |
tree | 3f1184591a69f886ef6ba84e4ea4000a155dee68 /docs-xml/Samba3-ByExample | |
parent | a7aab3330f8bac43c86fdf3770daa0c42828a29c (diff) | |
download | samba-43babef991feedbe2acb77d27254d302ab107fa8.tar.gz |
Fix denial of service - memory corruption.
CVE-2011-0719
Fix bug #7949 (DoS in Winbind and smbd with many file descriptors open).
All current released versions of Samba are vulnerable to
a denial of service caused by memory corruption. Range
checks on file descriptors being used in the FD_SET macro
were not present allowing stack corruption. This can cause
the Samba code to crash or to loop attempting to select
on a bad file descriptor set.
A connection to a file share, or a local account is needed
to exploit this problem, either authenticated or unauthenticated
(guest connection).
Currently we do not believe this flaw is exploitable
beyond a crash or causing the code to loop, but on the
advice of our security reviewers we are releasing fixes
in case an exploit is discovered at a later date.
Diffstat (limited to 'docs-xml/Samba3-ByExample')
0 files changed, 0 insertions, 0 deletions