Samba FindNextPrintChangeNotify() Error Lets Remote Authenticated Users Crash smbd

Aug 31 2004 08:33PM
Jérôme ATHIAS (jerome athias caramail com)

Date: Mon, 30 Aug 2004 23:42:49 -0400

Subject: http://samba.org/samba/history/samba-2.2.11.html

The Samba 2.2.11 release addresses the following bug:

o Crashes in smbd triggered by a Windows XP SP2 client sending
  a FindNextPrintChangeNotify() request without previously
  issuing FindFirstPrintChangeNotify().

Impact: Denial of service via network

Fix Available: Yes

Exploit Included: Yes

Vendor Confirmed: Yes

Version(s): prior to 3.0.6, prior to 2.2.11

Description: A vulnerability was reported in Samba. A remote authenticated user can cause smbd to crash.

The vendor reported that a remote authenticated user can send a FindNextPrintChangeNotify() request without having previously sent a corresponding FindFirstPrintChangeNotify() request to cause smbd to crash.

This behavior can be triggered by a Windows XP SP2 client.

The flaw resides in printer_notify_info() in 'rpc_server/srv_spoolss_nt.c'.

Craig Huegen reported this flaw to the vendor.

Impact: A remote authenticated user can cause smbd to crash.
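
The general defense against this class of bug is for the handler of a follow-up request to confirm that the set-up call actually ran before it uses any state that call creates. The sketch below is an added example, not Samba's code and not part of the original advisory. All types, function names and status codes are hypothetical, and it assumes the crash comes from using notification state that was never initialized (the advisory states only that smbd crashes).

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical status codes and types for this sketch; not Samba's. */
enum { ST_OK = 0, ST_INVALID_HANDLE = 1, ST_INVALID_SEQUENCE = 2 };

struct notify_state {              /* set up only by the "find first" call */
    uint32_t change_low;           /* change counter last sent by the client */
    uint32_t pending;              /* queued change events */
};

struct printer_handle {
    int open;
    struct notify_state *notify;   /* NULL until "find first" succeeds */
    struct notify_state storage;
};

/* FindFirst: arms change notification on an open handle. */
int find_first_notify(struct printer_handle *h)
{
    if (h == NULL || !h->open)
        return ST_INVALID_HANDLE;
    h->storage = (struct notify_state){0, 0};
    h->notify = &h->storage;
    return ST_OK;
}

/* Printer-side event: counted only while notification is armed. */
void queue_change(struct printer_handle *h)
{
    if (h != NULL && h->notify != NULL)
        h->notify->pending++;
}

/* FindNext: the client controls call order, so verify that FindFirst
 * ran on this handle before touching the notification state. */
int find_next_notify(struct printer_handle *h, uint32_t client_low,
                     uint32_t *out_pending)
{
    if (h == NULL || !h->open || out_pending == NULL)
        return ST_INVALID_HANDLE;
    if (h->notify == NULL)             /* out-of-sequence request */
        return ST_INVALID_SEQUENCE;    /* reject instead of dereferencing */
    h->notify->change_low = client_low;
    *out_pending = h->notify->pending;
    h->notify->pending = 0;
    return ST_OK;
}
```
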

Solution: The vendor has released a fixed version (3.0.6 and 2.2.11), available at:


