 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDKSA-2006:120
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : samba
 Date    : July 10, 2006
 Affected: 10.2, 2006.0, Corporate 3.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability in samba 3.0.x was discovered where an attacker could
 cause a single smbd process to bloat, exhausting memory on the system.
 This bug is caused by continually increasing the size of an array which
 maintains state information about the number of active share
 connections.

 Updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3403
 http://www.samba.org/samba/security/CAN-2006-3403.html
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 10.2
 Mandriva Linux 10.2/X86_64
 Mandriva Linux 2006.0
 Mandriva Linux 2006.0/X86_64
 Corporate 3.0
 Corporate 3.0/X86_64
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi. The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security. You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
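
The failure mode named in the Problem Description (a per-process state array that grows with every share connection) next to a bounded variant, as an added C example that is not Samba's code or the Mandriva patch. The struct, the function names and the `MAX_SHARE_CONNS` value are hypothetical and chosen for this illustration.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical per-process table of share-connection state (not Samba's types). */
struct conn_table {
    int *slots;      /* one state entry per connection requested */
    size_t used;     /* entries in use */
    size_t cap;      /* entries allocated */
};

#define MAX_SHARE_CONNS 128   /* assumed per-process cap, chosen for this example */

/* Shared growth helper: doubles the array when full. Returns 0 on success. */
static int grow(struct conn_table *t) {
    size_t ncap = t->cap ? t->cap * 2 : 16;
    int *p = realloc(t->slots, ncap * sizeof *p);
    if (!p) return -1;
    t->slots = p;
    t->cap = ncap;
    return 0;
}

/* Flawed pattern: every request from the peer enlarges the table, no ceiling. */
int conn_add_unbounded(struct conn_table *t, int share_id) {
    if (t->used == t->cap && grow(t) != 0) return -1;
    t->slots[t->used++] = share_id;
    return 0;
}

/* Hardened pattern: refuse new connections once the per-process limit is hit. */
int conn_add_bounded(struct conn_table *t, int share_id) {
    if (t->used >= MAX_SHARE_CONNS) return -1;   /* reject, do not grow */
    return conn_add_unbounded(t, share_id);
}

/* Drive n connection requests through add(); report entries held afterwards. */
size_t simulate(int (*add)(struct conn_table *, int), size_t n) {
    struct conn_table t = {0};
    for (size_t i = 0; i < n; i++) add(&t, (int)i);
    size_t held = t.used;
    free(t.slots);
    return held;
}

int main(void) {
    printf("unbounded: %zu entries\n", simulate(conn_add_unbounded, 100000));
    printf("bounded:   %zu entries\n", simulate(conn_add_bounded, 100000));
    return 0;
}
```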