summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat (limited to 'metadata/glsa/glsa-200409-14.xml')
-rw-r--r--metadata/glsa/glsa-200409-14.xml65
1 files changed, 65 insertions, 0 deletions
diff --git a/metadata/glsa/glsa-200409-14.xml b/metadata/glsa/glsa-200409-14.xml
new file mode 100644
index 000000000000..22fa006b226f
--- /dev/null
+++ b/metadata/glsa/glsa-200409-14.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200409-14">
+ <title>Samba: Remote printing non-vulnerability</title>
+ <synopsis>
+ Samba has a bug with out of sequence print change notification requests,
+ but it cannot be used to perform a remote denial of service attack.
+ </synopsis>
+ <product type="ebuild">samba</product>
+ <announced>2004-09-09</announced>
+ <revised count="03">2006-05-22</revised>
+ <bug>62476</bug>
+ <access>remote</access>
+ <affected>
+ </affected>
+ <background>
+ <p>
+ Samba is a freely available SMB/CIFS implementation which allows
+ seamless interoperability of file and print services to other SMB/CIFS
+ clients.
+ </p>
+ </background>
+ <description>
+ <p>
+ Due to a bug in the printer_notify_info() function, authorized users
+ could potentially crash their smbd process by sending improperly
+ handled print change notification requests in an invalid order. Windows
+ XP SP2 clients can trigger this behavior by sending a
+ FindNextPrintChangeNotify() request before previously sending a
+ FindFirstPrintChangeNotify() request.
+ </p>
+ </description>
+ <impact type="low">
+ <p>
+ We incorrectly thought that this bug could be exploited to deny service
+ to all Samba users. It is not the case, this bug has no security impact
+ whatsoever. Many thanks to Jerry Carter from the Samba team for
+ correcting our mistake.
+ </p>
+ </impact>
+ <workaround>
+ <p>
+ There is no need for a workaround.
+ </p>
+ </workaround>
+ <resolution>
+ <p>
+ Samba users can keep their current versions.
+ </p>
+ </resolution>
+ <references>
+ <uri link="https://samba.org/samba/history/samba-3.0.6.html">Samba Release Notes</uri>
+ <uri link="https://bugzilla.samba.org/show_bug.cgi?id=1520">Samba Bug #1520</uri>
+ <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0829">CVE-2004-0829</uri>
+ </references>
+ <metadata tag="requester" timestamp="2004-09-03T20:09:15Z">
+ jaervosz
+ </metadata>
+ <metadata tag="submitter" timestamp="2004-09-04T18:44:38Z">
+ lewk
+ </metadata>
+ <metadata tag="bugReady" timestamp="2004-09-09T04:56:22Z">
+ jaervosz
+ </metadata>
+</glsa>