Samba update fixes DoS vulnerabilities - The Community's Center for Security


The central voice for Linux and Open Source security news

Welcome!

Sign up!

EnGarde Community

Polls

What is the most important Linux security technology?

	SELinux
	grsecurity
	CIS Benchmark
	Bastille Linux
	iptables
	LIDS

Advisories

Community

Linux Events

Linux User Groups

Link to Us

Security Center

Book Reviews

Security Dictionary

Security Tips

SELinux

White Papers

Featured Blogs

All About Linux

DanWalsh LiveJournal

Securitydistro

Latest Newsletters

Linux Security Week: May 14th, 2012

Linux Advisory Watch: May 10th, 2012

LinuxSecurity Newsletters

RSS Feeds

Get the LinuxSecurity news you want faster with RSS

Samba update fixes DoS vulnerabilities

User Rating:

How can I rate this item?

Source: H Security - Posted by Alex

Released last week, version 3.4.8 of the free Samba file and print server fixes various holes including two denial of service (DoS) vulnerabilities which allow attackers to remotely crash the Smbd service. One of the problems is caused by a null pointer dereference when processing a certain series of SMB headers that include a specific combination of flags. The other hole involves an uninitialised variable read when processing specially crafted "Session Setup AndX" requests with flawed Security Binary Large Object (security blob) length values.

Both flaws were already fixed in April In version 3.5.2. Users are advised to install one of the new versions as soon as possible because security firm Stratsec, which discovered the holes, released some relevant exploits.at the same time as the details of the vulnerability.

Read this full article at H Security