FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  375358
Date:      2014-12-23
Time:      21:24:55Z
Committer: rea

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
1583640d-be20-11dd-a578-0030843d3802samba -- potential leakage of arbitrary memory contents

Samba Team reports:

Samba 3.0.29 and beyond contain a change to deal with gcc 4 optimizations. Part of the change modified range checking for client-generated offsets of secondary trans, trans2 and nttrans requests. These requests are used to transfer arbitrary amounts of memory from clients to servers and back using small SMB requests and contain two offsets: One offset (A) pointing into the PDU sent by the client and one (B) to direct the transferred contents into the buffer built on the server side. While the range checking for offset (B) is correct, a cut and paste error lets offset (A) pass completely unchecked against overflow.

The buffers passed into trans, trans2 and nttrans undergo higher-level processing like DCE/RPC requests or listing directories. The missing bounds check means that a malicious client can make the server do this higher-level processing on arbitrary memory contents of the smbd process handling the request. It is unknown if that can be abused to pass arbitrary memory contents back to the client, but an important barrier is missing from the affected Samba versions.


Discovery 2008-11-27
Entry 2008-11-29
samba
samba3
ja-samba
ge 3.0.29,1 lt 3.0.32_2,1

samba32-devel
lt 3.2.4_1

CVE-2008-4314
http://www.samba.org/samba/security/CVE-2008-4314.html
http://secunia.com/advisories/32813/
1583640d-be20-11dd-a578-0030843d3802samba -- potential leakage of arbitrary memory contents

Samba Team reports:

Samba 3.0.29 and beyond contain a change to deal with gcc 4 optimizations. Part of the change modified range checking for client-generated offsets of secondary trans, trans2 and nttrans requests. These requests are used to transfer arbitrary amounts of memory from clients to servers and back using small SMB requests and contain two offsets: One offset (A) pointing into the PDU sent by the client and one (B) to direct the transferred contents into the buffer built on the server side. While the range checking for offset (B) is correct, a cut and paste error lets offset (A) pass completely unchecked against overflow.

The buffers passed into trans, trans2 and nttrans undergo higher-level processing like DCE/RPC requests or listing directories. The missing bounds check means that a malicious client can make the server do this higher-level processing on arbitrary memory contents of the smbd process handling the request. It is unknown if that can be abused to pass arbitrary memory contents back to the client, but an important barrier is missing from the affected Samba versions.


Discovery 2008-11-27
Entry 2008-11-29
samba
samba3
ja-samba
ge 3.0.29,1 lt 3.0.32_2,1

samba32-devel
lt 3.2.4_1

CVE-2008-4314
http://www.samba.org/samba/security/CVE-2008-4314.html
http://secunia.com/advisories/32813/