[Pkg-samba-maint] [samba] 01/02: add patch for CVE-2013-4124

Ivo De Decker idd-guest at alioth.debian.org
Tue Aug 13 21:22:23 UTC 2013


This is an automated email from the git hooks/post-receive script.

idd-guest pushed a commit to branch squeeze
in repository samba.

commit ad7ae2c2704000e4f58ab7b21e689bf05c551d8e
Author: Ivo De Decker <ivo.dedecker at ugent.be>
Date:   Tue Aug 13 21:56:43 2013 +0200

    add patch for CVE-2013-4124
---
 debian/changelog                            |    8 ++++++
 debian/patches/security-CVE-2013-4124.patch |   39 +++++++++++++++++++++++++++
 debian/patches/series                       |    1 +
 3 files changed, 48 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index 20be819..e727e44 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+samba (2:3.5.6~dfsg-3squeeze10) UNRELEASED; urgency=low
+
+  * Security update
+  * CVE-2013-4124: Denial of service - CPU loop and memory allocation
+    Closes: #718781
+
+ -- Ivo De Decker <ivo.dedecker at ugent.be>  Tue, 13 Aug 2013 21:54:28 +0200
+
 samba (2:3.5.6~dfsg-3squeeze9) stable-security; urgency=high
 
   * Security update
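Review bot: the header line of the new entry sets `urgency=low`, while the previous security upload just below it (3squeeze9) used `stable-security; urgency=high`. This entry is also a "Security update" and it fixes a denial of service, so consider raising the urgency to match. Remember to replace `UNRELEASED` with the target distribution before upload. As a style point, the bug closure reads more conventionally attached to the CVE bullet as `(Closes: #718781)`.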
diff --git a/debian/patches/security-CVE-2013-4124.patch b/debian/patches/security-CVE-2013-4124.patch
new file mode 100644
index 0000000..081f846
--- /dev/null
+++ b/debian/patches/security-CVE-2013-4124.patch
@@ -0,0 +1,39 @@
+CVE-2013-4124 (Missing integer wrap protection in EA list reading can cause
+server to loop with DOS).
+
+   All current released versions of Samba are vulnerable to a denial of
+   service on an authenticated or guest connection. A malformed packet
+   can cause the smbd server to loop the CPU performing memory
+   allocations and preventing any further service.
+
+   A connection to a file share, or a local account is needed to exploit
+   this problem, either authenticated or unauthenticated if guest
+   connections are allowed.
+
+   This flaw is not exploitable beyond causing the code to loop
+   allocating memory, which may cause the machine to exceed memory
+   limits.
+
+diff -u -r --new-file --exclude .svn --exclude CVS samba-3.6.16/source3/smbd/nttrans.c samba-3.6.17/source3/smbd/nttrans.c
+--- samba-3.6.16/source3/smbd/nttrans.c	2013-06-19 09:35:24.000000000 +0200
++++ samba-3.6.17/source3/smbd/nttrans.c	2013-07-29 20:55:18.000000000 +0200
+@@ -989,7 +989,19 @@
+ 		if (next_offset == 0) {
+ 			break;
+ 		}
++
++		/* Integer wrap protection for the increment. */
++		if (offset + next_offset < offset) {
++			break;
++		}
++
+ 		offset += next_offset;
++
++		/* Integer wrap protection for while loop. */
++		if (offset + 4 < offset) {
++			break;
++		}
++
+ 	}
+ 
+ 	return ea_list_head;
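Review bot: the embedded diff header names samba-3.6.16 and samba-3.6.17 and targets `source3/smbd/nttrans.c` at line 989, but the package being patched is 3.5.6~dfsg. Please confirm the hunk applies to the 3.5.6 tree without fuzz and lands in the same EA list loop. Both added checks, `offset + next_offset < offset` and `offset + 4 < offset`, detect wrap only if `offset` and `next_offset` are unsigned. Their declarations are outside the visible context, so that is worth verifying against the 3.5.6 source. The patch description also carries no origin or bug reference; adding the upstream source and the Debian bug number from the changelog (#718781) to the header would help later maintainers.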
diff --git a/debian/patches/series b/debian/patches/series
index f0956a3..45c6761 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -35,3 +35,4 @@ security-CVE-2012-2111.patch
 debian-changes-2:3.5.6~dfsg-3squeeze8
 security-CVE-2013-0213.patch
 security-CVE-2013-0214.patch
+security-CVE-2013-4124.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-samba/samba.git



