[Pkg-samba-maint] Bug#719642: pu: samba/2:3.6.6-6+deb7u1

Ivo De Decker ivo.dedecker at ugent.be
Tue Aug 13 19:47:33 UTC 2013 

Package: release.debian.org
Severity: normal
Tags: wheezy
User: release.debian.org at packages.debian.org
Usertags: pu

Dear release team,

The Samba Team released a security update with a fix for CVE-2013-4124. Please
accept the attached patch for wheezy.

Thanks in advance.

Cheers,

Ivo

-------------- next part --------------
diff -Nru samba-3.6.6/debian/changelog samba-3.6.6/debian/changelog
--- samba-3.6.6/debian/changelog	2013-04-15 23:56:50.000000000 +0200
+++ samba-3.6.6/debian/changelog	2013-08-13 21:10:11.000000000 +0200
@@ -1,3 +1,11 @@
+samba (2:3.6.6-6+deb7u1) wheezy; urgency=low
+
+  * Security update
+  * CVE-2013-4124: Denial of service - CPU loop and memory allocation
+    Closes: #718781
+
+ -- Ivo De Decker <ivo.dedecker at ugent.be>  Tue, 13 Aug 2013 21:10:11 +0200
+
 samba (2:3.6.6-6) unstable; urgency=low
 
   * Team upload.
diff -Nru samba-3.6.6/debian/patches/security-CVE-2013-4124.patch samba-3.6.6/debian/patches/security-CVE-2013-4124.patch
--- samba-3.6.6/debian/patches/security-CVE-2013-4124.patch	1970-01-01 01:00:00.000000000 +0100
+++ samba-3.6.6/debian/patches/security-CVE-2013-4124.patch	2013-08-13 16:59:11.000000000 +0200
@@ -0,0 +1,39 @@
+CVE-2013-4124 (Missing integer wrap protection in EA list reading can cause
+server to loop with DOS).
+
+   All current released versions of Samba are vulnerable to a denial of
+   service on an authenticated or guest connection. A malformed packet
+   can cause the smbd server to loop the CPU performing memory
+   allocations and preventing any further service.
+
+   A connection to a file share, or a local account is needed to exploit
+   this problem, either authenticated or unauthenticated if guest
+   connections are allowed.
+
+   This flaw is not exploitable beyond causing the code to loop
+   allocating memory, which may cause the machine to exceed memory
+   limits.
+
+diff -u -r --new-file --exclude .svn --exclude CVS samba-3.6.16/source3/smbd/nttrans.c samba-3.6.17/source3/smbd/nttrans.c
+--- samba-3.6.16/source3/smbd/nttrans.c	2013-06-19 09:35:24.000000000 +0200
++++ samba-3.6.17/source3/smbd/nttrans.c	2013-07-29 20:55:18.000000000 +0200
+@@ -989,7 +989,19 @@
+ 		if (next_offset == 0) {
+ 			break;
+ 		}
++
++		/* Integer wrap protection for the increment. */
++		if (offset + next_offset < offset) {
++			break;
++		}
++
+ 		offset += next_offset;
++
++		/* Integer wrap protection for while loop. */
++		if (offset + 4 < offset) {
++			break;
++		}
++
+ 	}
+ 
+ 	return ea_list_head;
diff -Nru samba-3.6.6/debian/patches/series samba-3.6.6/debian/patches/series
--- samba-3.6.6/debian/patches/series	2013-01-31 20:53:43.000000000 +0100
+++ samba-3.6.6/debian/patches/series	2013-08-13 16:59:11.000000000 +0200
@@ -24,3 +24,4 @@
 0001-ndr-fix-push-pull-DATA_BLOB-with-NDR_NOALIGN.patch
 security-CVE-2013-0213.patch
 security-CVE-2013-0214.patch
+security-CVE-2013-4124.patch

More information about the Pkg-samba-maint mailing list