Opened 10 years ago

Closed 10 years ago

#5321 closed enhancement (fixed)

samba-4.1.11

Reported by: Fernando de Oliveira Owned by: Fernando de Oliveira
Priority: normal Milestone: 7.6
Component: BOOK Version: SVN
Severity: normal Keywords:
Cc:

Description

http://ftp.samba.org/pub/samba/stable/samba-4.1.11.tar.gz

http://www.samba.org/samba/history/samba-4.1.11.html

This is a security release in order to address
CVE-2014-3560 (Remote code execution in nmbd).

o  CVE-2014-3560:
   Samba 4.0.0 to 4.1.10 are affected by a remote code execution attack on
   unauthenticated nmbd NetBIOS name services.

   A malicious browser can send packets that may overwrite the heap of
   the target nmbd NetBIOS name services daemon. It may be possible to
   use this to generate a remote code execution vulnerability as the
   superuser (root).


Changes since 4.1.10:
---------------------

o   Volker Lendecke <vl@samba.org>
    * BUG 10735: CVE-2014-3560: Fix unstrcpy macro length.

Change History (2)

comment:1 by Fernando de Oliveira, 10 years ago

Owner: changed from blfs-book@… to Fernando de Oliveira
Status: newassigned

comment:2 by Fernando de Oliveira, 10 years ago

Resolution: fixed
Status: assignedclosed

Fixed at r13811.

Note: See TracTickets for help on using tickets.