[CAN-2004-0686] Buffer overrun in `mangling method = hash' handling

Bug #7138 reported by Debian Bug Importer
Affects          Status         Importance   Assigned to   Milestone
samba (Debian)   Fix Released   Unknown
samba (Ubuntu)   Invalid        High         Unassigned

Bug Description

Automatically imported from Debian bug report #260839 http://bugs.debian.org/260839

Debian Bug Importer (debzilla) wrote :

Message-ID: <email address hidden>
Date: Thu, 22 Jul 2004 16:13:58 +0200
From: "J.H.M. Dassen (Ray)" <email address hidden>
To: Debian Bug Tracking System <email address hidden>
Subject: [CAN-2004-0686] Buffer overrun in `mangling method = hash' handling

Package: samba
Version: 2.2.3a-13
Severity: grave
Tags: security upstream fixed-upstream woody

http://www.samba.org/samba/whatsnew/samba-2.2.10.html :

 Security Release - Samba 2.2.10 Available for Download

                  ==============================
                  Release Notes for Samba 2.2.10
                           July 22, 2004
                  ==============================

 ######################## SECURITY RELEASE ########################

 Summary: Potential Buffer Overrun in Samba 2.2.x
 CVE ID: CAN-2004-0686
                (http://cve.mitre.org/)

 This is the latest stable release of the Samba 2.2 code base.
 There are no further Samba 2.2.x releases planned at this time.

 -------------
 CAN-2004-0686
 -------------

 Affected Versions: Samba 2.2.0 through 2.2.9

 A buffer overrun has been located in the code used to support
 the 'mangling method = hash' smb.conf option. Affected Samba
 2.2 installations can avoid this possible security bug by using
 the hash2 mangling method. Server installations requiring
 the hash mangling method are encouraged to upgrade to Samba v2.2.10
 or v3.0.5.

 The source code can be downloaded from :

     http://download.samba.org/samba/ftp/

 in the file samba-2.2.10.tar.gz. The uncompressed archive has
 been signed using the Samba Distribution Key.

 Our code, Our bugs, Our responsibility (Samba Bugzilla).

                            -- The Samba Team

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (800, 'unstable'), (750, 'experimental'), (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.4.27-rc3
Locale: LANG=C, LC_CTYPE=en_US.ISO8859-1
--
Obsig: developing a new sig
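
Added example (not part of the original report or of the Samba release notes): a shell function that reports which `mangling method` an smb.conf sets in [global], so that Samba 2.2.0 through 2.2.9 installations not yet on hash2, the workaround named in the advisory above, can be found. The function name, the [global] scope and the sample file are assumptions made for this example.

```sh
#!/bin/sh
# Added example, not Samba project code.
# Prints the [global] "mangling method" of an smb.conf:
#   hash | hash2 | unset | other:<value>
mangling_method() {
    awk '
        # smb.conf parameter names ignore case and embedded whitespace
        function norm(s) { gsub(/[ \t]/, "", s); return tolower(s) }
        function trim(s) { sub(/^[ \t]+/, "", s); sub(/[ \t]+$/, "", s); return s }
        {
            # comment lines start with # or ; (assumed here not to be continued)
            if (pending == "" && $0 ~ /^[ \t]*[#;]/) next
            line = pending $0; pending = ""
            # a trailing backslash continues the parameter on the next line
            if (line ~ /\\$/) { pending = substr(line, 1, length(line) - 1); next }
            line = trim(line)
            if (line == "") next
            if (line ~ /^\[.*\]$/) {
                section = tolower(trim(substr(line, 2, length(line) - 2)))
                next
            }
            eq = index(line, "=")
            if (eq == 0 || section != "global") next
            if (norm(substr(line, 1, eq - 1)) == "manglingmethod")
                value = tolower(trim(substr(line, eq + 1)))  # last setting wins
        }
        END {
            if (value == "") print "unset"
            else if (value == "hash" || value == "hash2") print value
            else print "other:" value
        }
    ' "$1"
}

# Constructed sample configuration (not taken from the page)
sample=$(mktemp)
cat > "$sample" <<'EOF'
[global]
   workgroup = EXAMPLE
   ; mangling method = hash2
   Mangling  Method = HASH
[share]
   path = /srv/share
EOF
mangling_method "$sample"
rm -f "$sample"
```

A result of "unset" means the installed release's built-in default applies, so check the smb.conf manual page for that version.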

Debian Bug Importer (debzilla) wrote :

Message-ID: <email address hidden>
Date: Thu, 22 Jul 2004 09:03:46 -0700
From: Matt Zimmerman <email address hidden>
To: <email address hidden>
Subject: Re: Bug#260839: [CAN-2004-0686] Buffer overrun in `mangling method = hash' handling

merge 260839 260838
thanks

On Thu, Jul 22, 2004 at 04:13:58PM +0200, J.H.M. Dassen (Ray) wrote:
> Package: samba
> Version: 2.2.3a-13
> Severity: grave
> Tags: security upstream fixed-upstream woody
>
> http://www.samba.org/samba/whatsnew/samba-2.2.10.html :
>
> Security Release - Samba 2.2.10 Available for Download
>
> ==============================
> Release Notes for Samba 2.2.10
> July 22, 2004
> ==============================
>
>
> ######################## SECURITY RELEASE ########################
>
> Summary: Potential Buffer Overrun in Samba 2.2.x
> CVE ID: CAN-2004-0686
> (http://cve.mitre.org/)
>
> This is the latest stable release of the Samba 2.2 code base.
> There are no further Samba 2.2.x releases planned at this time.
>
> -------------
> CAN-2004-0686
> -------------
>
> Affected Versions: Samba 2.2.0 through 2.2.9
>
> A buffer overrun has been located in the code used to support
> the 'mangling method = hash' smb.conf option. Affected Samba
> 2.2 installations can avoid this possible security bug by using
> the hash2 mangling method. Server installations requiring
> the hash mangling method are encouraged to upgrade to Samba v2.2.10
> or v3.0.5.
>
>
> The source code can be downloaded from :
>
> http://download.samba.org/samba/ftp/
>
> in the file samba-2.2.10.tar.gz. The uncompressed archive has
> been signed using the Samba Distribution Key.
>
> Our code, Our bugs, Our responsibility (Samba Bugzilla).
>
> -- The Samba Team
>
> -- System Information:
> Debian Release: testing/unstable
> APT prefers unstable
> APT policy: (800, 'unstable'), (750, 'experimental'), (500, 'testing')
> Architecture: i386 (i686)
> Kernel: Linux 2.4.27-rc3
> Locale: LANG=C, LC_CTYPE=en_US.ISO8859-1
> --
> Obsig: developing a new sig

--
 - mdz

Debian Bug Importer (debzilla) wrote :

Marking as duplicate based on debbugs merge (260838,260839)

This bug has been marked as a duplicate of bug 7136.

Debian Bug Importer (debzilla) wrote :

Message-ID: <email address hidden>
Date: Sat, 14 Aug 2004 19:23:18 +0200
From: "J.H.M. Dassen (Ray)" <email address hidden>
To: <email address hidden>
Subject: Re: [CAN-2004-0600, CAN-2004-0686] buffer overruns

tags 260838 - sarge sid
tags 260839 - sarge sid
thanks

On Thu, Jul 22, 2004 at 16:12:06 +0200, J.H.M. Dassen (Ray) wrote:
> Package: samba
> Version: 3.0.4-5
> Severity: grave
> Tags: security upstream fixed-upstream sarge sid
>
> http://www.samba.org/samba/whatsnew/samba-3.0.5.html :
>
> Security Release -- Samba 3.0.5 Available for Download

3.0.5-1 has now made it into both sid and sarge.

Ray
--
"When you are finished spreading joy on Christmas Eve, come and kick back
with me and Erwin for a while. [...] We'll provide the cocoa and cookies,
and we'll even teach you how to play Quake."
 From the Dust Puppy's letter to Santa Claus.

Debian Bug Importer (debzilla) wrote :

Message-ID: <email address hidden>
Date: Tue, 9 Aug 2005 11:24:01 -0400
From: Joey Hess <email address hidden>
To: <email address hidden>
Subject: testing bug triage


# Doing some notfounds for bugs tagged as woody/sarge so they do not show up at
# http://bugs.debian.org/cgi-bin/pkgreport.cgi?which=tag&data=security&archive=no&version=&dist=testing

notfound 274225 4:2.6.2-3
notfound 278942 2:3.26-3
notfound 288047 2:1.7.8-1
notfound 318946 2.4.1-2
notfound 196590 2.6.4-1.8
notfound 199351 1.1.33-2
notfound 223456 1.14.6+0.20040803-1
notfound 244810 1:2.6.4-6.2
notfound 250106 1.0.8-1
notfound 260838 3.0.14a-3
notfound 287043 0.59r-20
notfound 298114 1.79-22
notfound 302421 0.99+1.00pre12-1
notfound 306003 4:4.3.10-15
notfound 306141 1.2.2-11.2
notfound 309143 4.3.0.dfsg.1-14
notfound 312292 1.0.30-1
tag 315532 - sarge
notfound 315532 1:1.0.9.dfsg-1

# stopping at end of grave holes for now, still need to do serious,
# normal, etc

--
see shy jo


Debian Bug Importer (debzilla) wrote :

Message-ID: <email address hidden>
Date: Thu, 11 Aug 2005 18:36:59 -0400
From: Joey Hess <email address hidden>
To: <email address hidden>
Subject: Re: testing bug triage


# Trying again now that use of closes/notfound has been clarified to me.

close 274225 4:2.6.2-3
close 278942 2:3.26-3
close 288047 2:1.7.8-1
close 318946 2.4.1-2
close 196590 2.6.4-1.8
close 199351 1.1.33-2
close 223456 1.14.6+0.20040803-1
close 244810 1:2.6.4-6.2
close 250106 1.0.8-1
close 260838 3.0.14a-3
close 287043 0.59r-20
close 298114 1.79-22
close 302421 0.99+1.00pre12-1
close 306003 4:4.3.10-15
close 306141 1.2.2-11.2
close 309143 4.3.0.dfsg.1-14
close 312292 1.0.30-1
close 315532 1:1.0.9.dfsg-1

# stopping at end of grave holes for now, still need to do serious,
# normal, etc

--
see shy jo

