[Pkg-samba-maint] Bug#719642: pu: samba/2:3.6.6-6+deb7u1
Ivo De Decker
ivo.dedecker at ugent.be
Tue Aug 13 19:47:33 UTC 2013
Package: release.debian.org
Severity: normal
Tags: wheezy
User: release.debian.org at packages.debian.org
Usertags: pu
Dear release team,
The Samba Team released a security update with a fix for CVE-2013-4124. Please
accept the attached patch for wheezy.
Thanks in advance.
Cheers,
Ivo
-------------- next part --------------
diff -Nru samba-3.6.6/debian/changelog samba-3.6.6/debian/changelog
--- samba-3.6.6/debian/changelog 2013-04-15 23:56:50.000000000 +0200
+++ samba-3.6.6/debian/changelog 2013-08-13 21:10:11.000000000 +0200
@@ -1,3 +1,11 @@
+samba (2:3.6.6-6+deb7u1) wheezy; urgency=low
+
+ * Security update
+ * CVE-2013-4124: Denial of service - CPU loop and memory allocation
+ Closes: #718781
+
+ -- Ivo De Decker <ivo.dedecker at ugent.be> Tue, 13 Aug 2013 21:10:11 +0200
+
samba (2:3.6.6-6) unstable; urgency=low
* Team upload.
diff -Nru samba-3.6.6/debian/patches/security-CVE-2013-4124.patch samba-3.6.6/debian/patches/security-CVE-2013-4124.patch
--- samba-3.6.6/debian/patches/security-CVE-2013-4124.patch 1970-01-01 01:00:00.000000000 +0100
+++ samba-3.6.6/debian/patches/security-CVE-2013-4124.patch 2013-08-13 16:59:11.000000000 +0200
@@ -0,0 +1,39 @@
+CVE-2013-4124 (Missing integer wrap protection in EA list reading can cause
+server to loop with DOS).
+
+ All current released versions of Samba are vulnerable to a denial of
+ service on an authenticated or guest connection. A malformed packet
+ can cause the smbd server to loop the CPU performing memory
+ allocations and preventing any further service.
+
+ A connection to a file share, or a local account is needed to exploit
+ this problem, either authenticated or unauthenticated if guest
+ connections are allowed.
+
+ This flaw is not exploitable beyond causing the code to loop
+ allocating memory, which may cause the machine to exceed memory
+ limits.
+
+diff -u -r --new-file --exclude .svn --exclude CVS samba-3.6.16/source3/smbd/nttrans.c samba-3.6.17/source3/smbd/nttrans.c
+--- samba-3.6.16/source3/smbd/nttrans.c 2013-06-19 09:35:24.000000000 +0200
++++ samba-3.6.17/source3/smbd/nttrans.c 2013-07-29 20:55:18.000000000 +0200
+@@ -989,7 +989,19 @@
+ if (next_offset == 0) {
+ break;
+ }
++
++ /* Integer wrap protection for the increment. */
++ if (offset + next_offset < offset) {
++ break;
++ }
++
+ offset += next_offset;
++
++ /* Integer wrap protection for while loop. */
++ if (offset + 4 < offset) {
++ break;
++ }
++
+ }
+
+ return ea_list_head;
diff -Nru samba-3.6.6/debian/patches/series samba-3.6.6/debian/patches/series
--- samba-3.6.6/debian/patches/series 2013-01-31 20:53:43.000000000 +0100
+++ samba-3.6.6/debian/patches/series 2013-08-13 16:59:11.000000000 +0200
@@ -24,3 +24,4 @@
0001-ndr-fix-push-pull-DATA_BLOB-with-NDR_NOALIGN.patch
security-CVE-2013-0213.patch
security-CVE-2013-0214.patch
+security-CVE-2013-4124.patch
More information about the Pkg-samba-maint
mailing list