• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Samba Deferred CIFS File Open Denial of Service Vulnerability

Solution:
The vendor has released a patch to address this issue. Please see the referenced advisories for more information.


Sun Solaris 10.0

• Sun 119757-05
  http://sunsolve.sun.com/patches/

Samba Samba 3.0.23a

• Mandriva lib64smbclient0-3.0.23a-2.1.20060mlcs4.x86_64.rpm
  Corporate 4.0:
  http://www.mandriva.com/en/download


• Mandriva lib64smbclient0-devel-3.0.23a-2.1.20060mlcs4.x86_64.rpm
  Corporate 4.0:
  http://www.mandriva.com/en/download


• Mandriva lib64smbclient0-static-devel-3.0.23a-2.1.20060mlcs4.x86_64.rpm
  Corporate 4.0:
  http://www.mandriva.com/en/download


• Mandriva libsmbclient0-3.0.23a-2.1.20060mlcs4.i586.rpm
  Corporate 4.0:
  http://www.mandriva.com/en/download


• Mandriva libsmbclient0-devel-3.0.23a-2.1.20060mlcs4.i586.rpm
  Corporate 4.0:
  http://www.mandriva.com/en/download


• Mandriva libsmbclient0-static-devel-3.0.23a-2.1.20060mlcs4.i586.rpm
  Corporate 4.0:
  http://www.mandriva.com/en/download


• Mandriva mount-cifs-3.0.23a-2.1.20060mlcs4.i586.rpm
  Corporate 4.0:
  http://www.mandriva.com/en/download


• Mandriva mount-cifs-3.0.23a-2.1.20060mlcs4.x86_64.rpm
  Corporate 4.0:
  http://www.mandriva.com/en/download


• Mandriva nss_wins-3.0.23a-2.1.20060mlcs4.i586.rpm
  Corporate 4.0:
  http://www.mandriva.com/en/download


• Mandriva nss_wins-3.0.23a-2.1.20060mlcs4.x86_64.rpm
  Corporate 4.0:
  http://www.mandriva.com/en/download


• Mandriva samba-3.0.23a-2.1.20060mlcs4.src.rpm
  Corporate 4.0:
  http://www.mandriva.com/en/download


• Mandriva samba-client-3.0.23a-2.1.20060mlcs4.i586.rpm
  Corporate 4.0:
  http://www.mandriva.com/en/download


• Mandriva samba-client-3.0.23a-2.1.20060mlcs4.x86_64.rpm
  Corporate 4.0:
  http://www.mandriva.com/en/download


• Mandriva samba-common-3.0.23a-2.1.20060mlcs4.i586.rpm
  Corporate 4.0:
  http://www.mandriva.com/en/download


• Mandriva samba-common-3.0.23a-2.1.20060mlcs4.x86_64.rpm
  Corporate 4.0:
  http://www.mandriva.com/en/download


• Mandriva samba-doc-3.0.23a-2.1.20060mlcs4.i586.rpm
  Corporate 4.0:
  http://www.mandriva.com/en/download


• Mandriva samba-doc-3.0.23a-2.1.20060mlcs4.x86_64.rpm
  Corporate 4.0:
  http://www.mandriva.com/en/download


• Mandriva samba-server-3.0.23a-2.1.20060mlcs4.i586.rpm
  Corporate 4.0:
  http://www.mandriva.com/en/download


• Mandriva samba-server-3.0.23a-2.1.20060mlcs4.x86_64.rpm
  Corporate 4.0:
  http://www.mandriva.com/en/download


• Mandriva samba-smbldap-tools-3.0.23a-2.1.20060mlcs4.i586.rpm
  Corporate 4.0:
  http://www.mandriva.com/en/download


• Mandriva samba-smbldap-tools-3.0.23a-2.1.20060mlcs4.x86_64.rpm
  Corporate 4.0:
  http://www.mandriva.com/en/download


• Mandriva samba-swat-3.0.23a-2.1.20060mlcs4.i586.rpm
  Corporate 4.0:
  http://www.mandriva.com/en/download


• Mandriva samba-swat-3.0.23a-2.1.20060mlcs4.x86_64.rpm
  Corporate 4.0:
  http://www.mandriva.com/en/download


• Mandriva samba-test-3.0.23a-2.1.20060mlcs4.i586.rpm
  Corporate 4.0:
  http://www.mandriva.com/en/download


• Mandriva samba-test-3.0.23a-2.1.20060mlcs4.x86_64.rpm
  Corporate 4.0:
  http://www.mandriva.com/en/download


• Mandriva samba-vscan-clamav-3.0.23a-2.1.20060mlcs4.i586.rpm
  Corporate 4.0:
  http://www.mandriva.com/en/download


• Mandriva samba-vscan-clamav-3.0.23a-2.1.20060mlcs4.x86_64.rpm
  Corporate 4.0:
  http://www.mandriva.com/en/download


• Mandriva samba-vscan-icap-3.0.23a-2.1.20060mlcs4.i586.rpm
  Corporate 4.0:
  http://www.mandriva.com/en/download


• Mandriva samba-vscan-icap-3.0.23a-2.1.20060mlcs4.x86_64.rpm
  Corporate 4.0:
  http://www.mandriva.com/en/download


• Mandriva samba-winbind-3.0.23a-2.1.20060mlcs4.i586.rpm
  Corporate 4.0:
  http://www.mandriva.com/en/download


• Mandriva samba-winbind-3.0.23a-2.1.20060mlcs4.x86_64.rpm
  Corporate 4.0:
  http://www.mandriva.com/en/download

Samba Samba 3.0.23c

• RedHat Fedora samba-3.0.24-1.fc6.i386.rpm
  Fedora Core 6
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/


• RedHat Fedora samba-3.0.24-1.fc6.ppc.rpm
  Fedora Core 6
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/


• RedHat Fedora samba-3.0.24-1.fc6.x86_64.rpm
  Fedora Core 6
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/


• RedHat Fedora samba-client-3.0.24-1.fc6.i386.rpm
  Fedora Core 6
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/


• RedHat Fedora samba-client-3.0.24-1.fc6.ppc.rpm
  Fedora Core 6
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/


• RedHat Fedora samba-client-3.0.24-1.fc6.x86_64.rpm
  Fedora Core 6
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/


• RedHat Fedora samba-common-3.0.24-1.fc6.i386.rpm
  Fedora Core 6
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/


• RedHat Fedora samba-common-3.0.24-1.fc6.ppc.rpm
  Fedora Core 6
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/


• RedHat Fedora samba-common-3.0.24-1.fc6.x86_64.rpm
  Fedora Core 6
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/


• RedHat Fedora samba-debuginfo-3.0.24-1.fc6.i386.rpm
  Fedora Core 6
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/


• RedHat Fedora samba-debuginfo-3.0.24-1.fc6.ppc.rpm
  Fedora Core 6
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/


• RedHat Fedora samba-debuginfo-3.0.24-1.fc6.x86_64.rpm
  Fedora Core 6
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/


• RedHat Fedora samba-swat-3.0.24-1.fc6.i386.rpm
  Fedora Core 6
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/


• RedHat Fedora samba-swat-3.0.24-1.fc6.ppc.rpm
  Fedora Core 6
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/


• RedHat Fedora samba-swat-3.0.24-1.fc6.x86_64.rpm
  Fedora Core 6
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/


• Slackware samba-3.0.24-i486-1_slack11.0.tgz
  Slackware 11.0
  ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/ samba-3.0.24-i486-1_slack11.0.tgz


• Slackware samba-3.0.24-i486-1_slack11.0.tgz
  Slackware 11.0:
  ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/ samba-3.0.24-i486-1_slack11.0.tgz

Samba Samba 3.0.23b

• Mandriva libsmbclient0-3.0.23d-2.1mdv2007.0.i586.rpm
  Mandriva Linux 2007.0:
  http://www.mandriva.com/en/download


• Mandriva libsmbclient0-devel-3.0.23d-2.1mdv2007.0.i586.rpm
  Mandriva Linux 2007.0:
  http://www.mandriva.com/en/download


• Mandriva libsmbclient0-static-devel-3.0.23d-2.1mdv2007.0.i586.rpm
  Mandriva Linux 2007.0:
  http://www.mandriva.com/en/download


• Mandriva mount-cifs-3.0.23d-2.1mdv2007.0.i586.rpm
  Mandriva Linux 2007.0:
  http://www.mandriva.com/en/download


• Mandriva nss_wins-3.0.23d-2.1mdv2007.0.i586.rpm
  Mandriva Linux 2007.0:
  http://www.mandriva.com/en/download


• Mandriva samba-3.0.23d-2.1mdv2007.0.src.rpm
  Mandriva Linux 2007.0:
  http://www.mandriva.com/en/download


• Mandriva samba-client-3.0.23d-2.1mdv2007.0.i586.rpm
  Mandriva Linux 2007.0:
  http://www.mandriva.com/en/download


• Mandriva samba-common-3.0.23d-2.1mdv2007.0.i586.rpm
  Mandriva Linux 2007.0:
  http://www.mandriva.com/en/download


• Mandriva samba-doc-3.0.23d-2.1mdv2007.0.i586.rpm
  Mandriva Linux 2007.0:
  http://www.mandriva.com/en/download


• Mandriva samba-server-3.0.23d-2.1mdv2007.0.i586.rpm
  Mandriva Linux 2007.0:
  http://www.mandriva.com/en/download


• Mandriva samba-smbldap-tools-3.0.23d-2.1mdv2007.0.i586.rpm
  Mandriva Linux 2007.0:
  http://www.mandriva.com/en/download


• Mandriva samba-swat-3.0.23d-2.1mdv2007.0.i586.rpm
  Mandriva Linux 2007.0:
  http://www.mandriva.com/en/download


• Mandriva samba-vscan-clamav-3.0.23d-2.1mdv2007.0.i586.rpm
  Mandriva Linux 2007.0:
  http://www.mandriva.com/en/download


• Mandriva samba-vscan-icap-3.0.23d-2.1mdv2007.0.i586.rpm
  Mandriva Linux 2007.0:
  http://www.mandriva.com/en/download


• Mandriva samba-winbind-3.0.23d-2.1mdv2007.0.i586.rpm
  Mandriva Linux 2007.0:
  http://www.mandriva.com/en/download

Sun Solaris 10_x86

• Sun 119758-05
  http://sunsolve.sun.com/patches/

HP HP-UX B.11.23

• HP A.02.03.01
  http://www.hp.com/go/softwaredepot/

HP HP-UX B.11.11

• HP A.02.03.01
  http://www.hp.com/go/softwaredepot/

Sun Solaris 9

• Sun 114684-08
  http://sunsolve.sun.com/patches/

Sun Solaris 9_x86

• Sun 114685-08
  http://sunsolve.sun.com/patches/

Samba Samba 3.0.23d

• Mandriva libsmbclient0-static-devel-3.0.23d-2.1mdv2007.0.i586.rpm
  Mandriva Linux 2007.0:
  http://www.mandriva.com/en/download


• Mandriva mount-cifs-3.0.23d-2.1mdv2007.0.i586.rpm
  Mandriva Linux 2007.0:
  http://www.mandriva.com/en/download


• Mandriva nss_wins-3.0.23d-2.1mdv2007.0.i586.rpm
  Mandriva Linux 2007.0:
  http://www.mandriva.com/en/download


• Mandriva samba-3.0.23d-2.1mdv2007.0.src.rpm
  Mandriva Linux 2007.0:
  http://www.mandriva.com/en/download


• Mandriva samba-client-3.0.23d-2.1mdv2007.0.i586.rpm
  Mandriva Linux 2007.0:
  http://www.mandriva.com/en/download


• Mandriva samba-common-3.0.23d-2.1mdv2007.0.i586.rpm
  Mandriva Linux 2007.0:
  http://www.mandriva.com/en/download


• Mandriva samba-doc-3.0.23d-2.1mdv2007.0.i586.rpm
  Mandriva Linux 2007.0:
  http://www.mandriva.com/en/download


• Mandriva samba-server-3.0.23d-2.1mdv2007.0.i586.rpm
  Mandriva Linux 2007.0:
  http://www.mandriva.com/en/download


• Mandriva samba-smbldap-tools-3.0.23d-2.1mdv2007.0.i586.rpm
  Mandriva Linux 2007.0:
  http://www.mandriva.com/en/download


• Mandriva samba-vscan-icap-3.0.23d-2.1mdv2007.0.i586.rpm
  Mandriva Linux 2007.0:
  http://www.mandriva.com/en/download


• Mandriva samba-winbind-3.0.23d-2.1mdv2007.0.i586.rpm
  Mandriva Linux 2007.0:
  http://www.mandriva.com/en/download


• Samba samba-3.0.23d-CVE-2007-0452.patch
  http://samba.org/samba/ftp/patches/security/samba-3.0.23d-CVE-2007-045 2.patch


• SuSE samba-3.0.23d-19.2.i586.rpm
  openSUSE 10.2:
  ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/samba-3.0.23d-19.2.i5 86.rpm


• SuSE samba-3.0.23d-19.2.ppc.rpm
  openSUSE 10.2:
  ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/samba-3.0.23d-19.2.ppc .rpm


• SuSE samba-3.0.23d-19.2.x86_64.rpm
  openSUSE 10.2:
  ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/samba-3.0.23d-19.2. x86_64.rpm


• SuSE samba-32bit-3.0.23d-19.2.x86_64.rpm
  openSUSE 10.2:
  ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/samba-32bit-3.0.23d -19.2.x86_64.rpm


• SuSE samba-client-3.0.23d-19.2.i586.rpm
  openSUSE 10.2:
  ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/samba-client-3.0.23d- 19.2.i586.rpm


• SuSE samba-client-3.0.23d-19.2.ppc.rpm
  openSUSE 10.2:
  ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/samba-client-3.0.23d-1 9.2.ppc.rpm


• SuSE samba-client-3.0.23d-19.2.x86_64.rpm
  openSUSE 10.2:
  ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/samba-client-3.0.23 d-19.2.x86_64.rpm


• SuSE samba-client-32bit-3.0.23d-19.2.x86_64.rpm
  openSUSE 10.2:
  ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/samba-client-32bit- 3.0.23d-19.2.x86_64.rpm


• SuSE samba-winbind-3.0.23d-19.2.i586.rpm
  openSUSE 10.2:
  ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/samba-winbind-3.0.23d -19.2.i586.rpm


• SuSE samba-winbind-3.0.23d-19.2.ppc.rpm
  openSUSE 10.2:
  ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/samba-winbind-3.0.23d- 19.2.ppc.rpm


• SuSE samba-winbind-3.0.23d-19.2.x86_64.rpm
  openSUSE 10.2:
  ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/samba-winbind-3.0.2 3d-19.2.x86_64.rpm


• SuSE samba-winbind-32bit-3.0.23d-19.2.x86_64.rpm
  openSUSE 10.2:
  ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/samba-winbind-32bit -3.0.23d-19.2.x86_64.rpm

HP HP-UX B.11.31

• HP A.02.03.01
  http://www.hp.com/go/softwaredepot/

Samba Samba 3.0.3

• Samba samba-3.0.23d-CVE-2007-0452.patch
  http://samba.org/samba/ftp/patches/security/samba-3.0.23d-CVE-2007-045 2.patch

Samba Samba 3.0.4 -r1

• Samba samba-3.0.23d-CVE-2007-0452.patch
  http://samba.org/samba/ftp/patches/security/samba-3.0.23d-CVE-2007-045 2.patch

Samba Samba 3.0.4

• Samba samba-3.0.23d-CVE-2007-0452.patch
  http://samba.org/samba/ftp/patches/security/samba-3.0.23d-CVE-2007-045 2.patch


• Slackware samba-3.0.24-i486-1_slack10.0.tgz
  Slackware 10.0
  ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/ samba-3.0.24-i486-1_slack10.0.tgz


• Slackware samba-3.0.24-i486-1_slack10.0.tgz
  Slackware 10.0:
  ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/ samba-3.0.24-i486-1_slack10.0.tgz

Samba Samba 3.0.5

• Samba samba-3.0.23d-CVE-2007-0452.patch
  http://samba.org/samba/ftp/patches/security/samba-3.0.23d-CVE-2007-045 2.patch

Samba Samba 3.0.6

• Samba samba-3.0.23d-CVE-2007-0452.patch
  http://samba.org/samba/ftp/patches/security/samba-3.0.23d-CVE-2007-045 2.patch