Bugzilla – Bug 829969
VUL-0: CVE-2013-4124: samba: DoS by missing integer wrap protection in EA list reading
Last modified: 2019-10-24 16:02:41 UTC
This is an autogenerated message for OBS integration: This bug (829969) was mentioned in https://build.opensuse.org/request/show/185912 Maintenance / https://build.opensuse.org/request/show/185913 Maintenance /
This is an autogenerated message for OBS integration: This bug (829969) was mentioned in https://build.opensuse.org/request/show/186094 Maintenance /
openSUSE-SU-2013:1339-1: An update that solves one vulnerability and has 8 fixes is now available. Category: security (important) Bug References: 765270,798856,806501,812929,817919,820531,823549,824833,829969 CVE References: CVE-2013-4124 Sources used: openSUSE 12.2 (src): samba-3.6.7-48.24.1, samba-doc-3.6.7-48.24.1
openSUSE-SU-2013:1349-1: An update that solves one vulnerability and has 11 fixes is now available. Category: security (important) Bug References: 765270,798856,804822,806501,812929,816647,817919,820531,821889,823549,824833,829969 CVE References: CVE-2013-4124 Sources used: openSUSE 12.3 (src): samba-3.6.12-59.9.1, samba-doc-3.6.12-59.9.1
Update released for: cifs-mount, ldapsmb, libldb-devel, libldb1, libldb1-32bit, libldb1-x86, libnetapi-devel, libnetapi0, libsmbclient-devel, libsmbclient0, libsmbclient0-32bit, libsmbclient0-x86, libsmbsharemodes-devel, libsmbsharemodes0, libtalloc-devel, libtalloc1, libtalloc1-32bit, libtalloc1-debuginfo, libtalloc1-debuginfo-32bit, libtalloc1-debuginfo-x86, libtalloc1-debugsource, libtalloc1-x86, libtalloc2, libtalloc2-32bit, libtalloc2-x86, libtdb-devel, libtdb1, libtdb1-32bit, libtdb1-x86, libtevent-devel, libtevent0, libtevent0-32bit, libtevent0-x86, libwbclient-devel, libwbclient0, libwbclient0-32bit, libwbclient0-x86, samba, samba-32bit, samba-client, samba-client-32bit, samba-client-x86, samba-debuginfo, samba-debuginfo-32bit, samba-debuginfo-x86, samba-debugsource, samba-devel, samba-doc, samba-krb-printing, samba-vscan, samba-winbind, samba-winbind-32bit, samba-winbind-x86, samba-x86 Products: SLE-DEBUGINFO 11-SP2 (i386, ia64, ppc64, s390x, x86_64) SLE-DESKTOP 11-SP2 (i386, x86_64) SLE-SDK 11-SP2 (i386, ia64, ppc64, s390x, x86_64) SLE-SERVER 11-SP2 (i386, ia64, ppc64, s390x, x86_64) SLES4VMWARE 11-SP2 (i386, x86_64)
Update released for: cifs-mount, ldapsmb, libldb-devel, libldb1, libldb1-32bit, libldb1-x86, libnetapi-devel, libnetapi0, libsmbclient-devel, libsmbclient0, libsmbclient0-32bit, libsmbclient0-x86, libsmbsharemodes-devel, libsmbsharemodes0, libtalloc-devel, libtalloc1, libtalloc1-32bit, libtalloc1-debuginfo, libtalloc1-debuginfo-32bit, libtalloc1-debuginfo-x86, libtalloc1-debugsource, libtalloc1-x86, libtalloc2, libtalloc2-32bit, libtalloc2-x86, libtdb-devel, libtdb1, libtdb1-32bit, libtdb1-x86, libtevent-devel, libtevent0, libtevent0-32bit, libtevent0-x86, libwbclient-devel, libwbclient0, libwbclient0-32bit, libwbclient0-x86, samba, samba-32bit, samba-client, samba-client-32bit, samba-client-x86, samba-debuginfo, samba-debuginfo-32bit, samba-debuginfo-x86, samba-debugsource, samba-devel, samba-doc, samba-krb-printing, samba-vscan, samba-winbind, samba-winbind-32bit, samba-winbind-x86, samba-x86 Products: SLE-DEBUGINFO 11-SP3 (i386, ia64, ppc64, s390x, x86_64) SLE-DESKTOP 11-SP3 (i386, x86_64) SLE-SDK 11-SP3 (i386, ia64, ppc64, s390x, x86_64) SLE-SERVER 11-SP3 (i386, ia64, ppc64, s390x, x86_64) SLES4VMWARE 11-SP3 (i386, x86_64)
released
Update released for: libnetapi-devel, libnetapi0, libtalloc-devel, libtalloc1, libtdb-devel, libtdb1, libwbclient-devel, libwbclient0, samba-gplv3, samba-gplv3-client, samba-gplv3-debuginfo, samba-gplv3-doc, samba-gplv3-krb-printing, samba-gplv3-winbind Products: SLE-SERVER 10-SP3-SAMBA (i386, ia64, ppc, s390x, x86_64)
http://www.samba.org/samba/security/CVE-2013-4124 =========================================================== == Subject: Denial of service - CPU loop and memory allocation. == == CVE ID#: CVE-2013-4124 == == Versions: Samba 3.0.x - 4.0.7 (inclusive) == == Summary: Samba 3.0.x to 4.0.7 are affected by a == denial of service attack on authenticated == or guest connections. == =========================================================== =========== Description =========== All current released versions of Samba are vulnerable to a denial of service on an authenticated or guest connection. A malformed packet can cause the smbd server to loop the CPU performing memory allocations and preventing any further service. A connection to a file share, or a local account is needed to exploit this problem, either authenticated or unauthenticated if guest connections are allowed. This flaw is not exploitable beyond causing the code to loop allocating memory, which may cause the machine to exceed memory limits. ================== Patch Availability ================== A patch addressing this defect has been posted to http://www.samba.org/samba/security/ Additionally, Samba 3.5.22, 3.6.17 and 4.0.8 have been issued as security releases to correct the defect. Patches against older Samba versions are available at http://samba.org/samba/patches/. Samba vendors and administrators running affected versions are advised to upgrade or apply the patch as soon as possible. ========== Workaround ========== None. ======= Credits ======= This problem was found by an internal audit of the Samba code by Jeremy Allison of Google.
The SWAMPID for this issue is 56984. This issue was rated as moderate. Please submit fixed packages until 2014-04-24. When done, please reassign the bug to security-team@suse.de. Patchinfo will be handled by security team.
Update released for: cifs-mount, ldapsmb, libnetapi-devel, libnetapi0, libsmbclient-devel, libsmbclient0, libsmbclient0-32bit, libsmbclient0-x86, libsmbsharemodes-devel, libsmbsharemodes0, libtalloc-devel, libtalloc1, libtalloc1-32bit, libtalloc1-x86, libtdb-devel, libtdb1, libtdb1-32bit, libtdb1-x86, libwbclient-devel, libwbclient0, libwbclient0-32bit, libwbclient0-x86, samba, samba-32bit, samba-client, samba-client-32bit, samba-client-x86, samba-debuginfo, samba-debuginfo-32bit, samba-debuginfo-x86, samba-debugsource, samba-devel, samba-doc, samba-krb-printing, samba-vscan, samba-winbind, samba-winbind-32bit, samba-winbind-x86, samba-x86 Products: SLE-DEBUGINFO 11-SP1 (i386, s390x, x86_64) SLE-SERVER 11-SP1-LTSS (i386, s390x, x86_64)
SUSE-SU-2014:0723-1: An update that solves 6 vulnerabilities and has two fixes is now available. Category: security (moderate) Bug References: 783384,799641,800982,829969,844720,849224,853021,853347 CVE References: CVE-2012-6150,CVE-2013-0213,CVE-2013-0214,CVE-2013-4124,CVE-2013-4408,CVE-2013-4496 Sources used: SUSE Linux Enterprise Server 11 SP1 LTSS (src): samba-3.4.3-1.52.3, samba-doc-3.4.3-1.52.3
*** Bug 876579 has been marked as a duplicate of this bug. ***
Affected packages: SLE-10-SP4: samba