Gentoo: GLSA-200409-14: Samba: Remote printing vulnerability
Summary
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Gentoo Linux Security Advisory GLSA 200409-14 https://security.gentoo.org/
Severity: Normal Title: Samba: Remote printing vulnerability Date: September 09, 2004 Bugs: #62476 ID: 200409-14
Synopsis ======= Samba is vulnerable to a remote denial of service attack due to out of sequence print change notification requests.
Background ========= Samba is a freely available SMB/CIFS implementation which allows seamless interoperability of file and print services to other SMB/CIFS clients.
Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-fs/samba < 3.0.6 >= 3.0.6
========== Due to a bug in the printer_notify_info() function, authorized userscould potentially crash the Samba server by sending improperly handled print change notification requests in an invalid order. Windows XP SP2 clients can trigger this behavior by sending a FindNextPrintChangeNotify() request before previously sending a FindFirstPrintChangeNotify() request.
Impact ===== A remote authorized user could potentially crash a Samba server after issuing these out of sequence requests.
Workaround ========= There is no known workaround at this time.
Resolution ========= All Samba users should upgrade to the latest version:
# emerge sync
# emerge -pv ">=net-fs/samba-3.0.6" # emerge ">=net-fs/samba-3.0.6"
References ========= [ 1 ] Samba Release Notes https://www.samba.org/samba/history/samba-3.0.6.html [ 2 ] BugTraq Advisory
Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/200409-14
Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org/.
License ====== Copyright 2004 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/1.0/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFBP/8TzKC5hMHO6rkRAlzQAJoC5WToM0BJFPCrdV9eK5Qof9/4zwCfetGL XM2UdFtazEDBA4aePUTkrxE=gctd -----END PGP SIGNATURE-----