Novell is now a part of Micro Focus

Security update for Samba

Knowledgebase

(Last modified: 13SEP2004)


solutions Security update for Samba SuSE Linux Maintenance Web (51640e8f4b2890b6b676c40dd61af7fd)

Applies to

Package: samba
samba-client
samba-pdb
samba-python
samba-vscan
samba-winbind
Product(s): SUSE CORE 9 for x86
SUSE CORE 9 for Itanium Processor Family
SUSE CORE 9 for IBM POWER
SUSE CORE 9 for IBM S/390 31bit
SUSE CORE 9 for IBM zSeries 64bit
SUSE CORE 9 for AMD64 and Intel EM64T
Patch: patch-9360
Release: 20040913
Obsoletes: none

Indications

People who use the following should update:
  • printing with Microsoft Windows XP Service Pack 2 clients
  • vscan users
  • users with macros in the 'log file' smb.conf option.

Contraindications

None.

Problem description

This version fixes several bugs in the Samba suite including two Denial of Service (DoS) Vulnerabilities
Microsoft Windows XP clients with installed Service Pack 2 crash the Samba (smbd) process while printing.
Using macros in the smb.conf 'log file' statement might lead to an infinite recursion.
A wrong counter and pointer handling in samba-vscan sometimes lead to a crashed Samba (smbd) process.
A DoS bug in smbd may allow an unauthenticated user to cause smbd to spawn new processes each one entering an infinite loop. After sending a sufficient amount of packets it is possible to exhaust the memory resources on the server. This issue is known as CAN-2004-0807.
A DoS bug in nmbd may allow an attacker to remotely crash the nmbd daemon. This issue is known as CAN-2004-0808.

Solution

Please install the updates provided at the location noted below.

Installation notes

This update is provided as an RPM package that can easily be installed onto a running system by using this command:
rpm -Fvh samba.rpm samba-client.rpm samba-pdb.rpm samba-python.rpm samba-vscan.rpm samba-winbind.rpm

links to download packages

Download Source Packages

Download the source code of the patches for maintained products.


Disclaimer

The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information.

Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.

© Copyright Micro Focus or one of its affiliates