blob: 8d4de3b9b9f9c6771a7a59581c3a7ad67a0523ce [file] [log] [blame]
<?xml version="1.0" encoding="utf-8"?>
<glsa id="200412-13">
<title>Samba: Integer overflow</title>
Samba contains a bug that could lead to remote execution of arbitrary code.
<product type="ebuild">Samba</product>
<announced>December 17, 2004</announced>
<revised>December 17, 2004: 01</revised>
<package name="net-fs/samba" auto="yes" arch="*">
<unaffected range="ge">3.0.9-r1</unaffected>
<vulnerable range="le">3.0.9</vulnerable>
Samba is a freely available SMB/CIFS implementation which allows
seamless interoperability of file and print services to other SMB/CIFS
Samba contains a bug when unmarshalling specific MS-RPC requests from
<impact type="high">
A remote attacker may be able to execute arbitrary code with the
permissions of the user running Samba, which could be the root user.
There is no known workaround at this time.
All samba users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=net-fs/samba-3.0.9-r1&quot;</code>
<uri link="">CAN 2004-1154</uri>
<uri link="">Samba Announcement</uri>
<metadata tag="submitter" timestamp="Wed, 15 Dec 2004 20:27:23 +0000">
<metadata tag="bugReady" timestamp="Fri, 17 Dec 2004 19:53:44 +0000">