Description
Samba 3.0.6 and earlier allows remote attackers to cause a denial of service (infinite loop and memory exhaustion) via certain malformed requests that cause new processes to be spawned and enter an infinite loop.
Affected products
- conectiva / linux9.0 – 9.0
- conectiva / linux10.0 – 10.0
- mandrakesoft / mandrake_linux10.0 – 10.0
- mandrakesoft / mandrake_linux10.0 – 10.0
- Samba / Samba3.0.6 – 3.0.6
- Samba / Samba3.0.1 – 3.0.1
- Samba / Samba3.0.2 – 3.0.2
- Samba / Samba3.0.2a – 3.0.2a
- Samba / Samba3.0.0 – 3.0.0
- Samba / Samba3.0.3 – 3.0.3
- Samba / Samba3.0.4 – 3.0.4
- Samba / Samba3.0.4 – 3.0.4
- Samba / Samba3.0.5 – 3.0.5
- sgi / samba3.0.4 – 3.0.4
- sgi / samba3.0 – 3.0
- sgi / samba3.0.1 – 3.0.1
- sgi / samba3.0.2 – 3.0.2
- sgi / samba3.0.3 – 3.0.3
- sgi / samba3.0.5 – 3.0.5
- sgi / samba3.0.6 – 3.0.6
- SUSE / suse_linux8 – 8
- SUSE / suse_linux8.1 – 8.1
- SUSE / suse_linux8.2 – 8.2
- SUSE / suse_linux9.0 – 9.0
- SUSE / suse_linux9.0 – 9.0
- SUSE / suse_linux9.0 – 9.0
- SUSE / suse_linux9.1 – 9.1
References
- MISChttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11141
- MISChttp://www.trustix.net/errata/2004/0046/
- MISChttp://www.redhat.com/support/errata/RHSA-2004-467.html
- MISChttp://www.idefense.com/application/poi/display?id=139&type=vulnerabilities
- MAILING_LISThttp://marc.info/?l=bugtraq&m=109509335230495&w=2
- MAILING_LISThttp://marc.info/?l=bugtraq&m=109526231623307&w=2
- MISChttp://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000873
- VENDOR_ADVISORYhttp://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:092
- VENDOR_ADVISORYftp://patches.sgi.com/support/free/security/advisories/20041201-01-P
- MISChttp://www.gentoo.org/security/en/glsa/glsa-200409-16.xml