Bug 63019 (CVE-2004-0930)

Summary: VUL-0: CVE-2004-0930: Potential Remote Denial of Service +Vulnerability in Samba 3.0.x <= 3.0.7
Product: [Novell Products] SUSE Security Incidents Reporter: Marcus Meissner <meissner>
Component: IncidentsAssignee: Security Team bot <security-team>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Major    
Priority: P3 - Medium CC: heiko.rommel, lmuelle, patch-request, security-team
Version: unspecified   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: CVE-2004-0930: CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Attachments: samba-3.0.7-CAN-2004-0930.patch

Description Marcus Meissner 2004-11-08 16:20:21 UTC 
From: "Gerald (Jerry) Carter" <jerry@samba.org>                                 
To: vendor-sec@lst.de                    
                   Subject: [vendor-sec] [SAMBA] CAN-2004-0930: Potential 
Remote Denial of Service  
+Vulnerability                                                                   
in Samba 3.0.x <= 3.0.7                                                         
 
                     This is just a heads up to all interested vendors about                         
a security announcement and release happening later today,                       
Nov 8.  The bug is fixed in 3.0.8.  Sorry for not giving                         
you more lead time on this one.                                                                                                                                  
Look for the public announcement around 09:00 CST (GMT-6)                       
Monday, Nov 8 (today).                                                           
                                                                                                                                                                 
                                                                                cheers, 
jerry                                                                    
                                                                                - 
----------------------------------------------------------                     
                                                                                                                                                                Subject:        
Potential Remote Denial of Service                               
CVE #:          CAN-2004-0930                                                   
Affected                                                                        
Versions:       Samba 3.0.x <= 3.0.7                                             
                                                                                 
Summary:        A remote attacker could cause and smbd process                                  
to consume abnormal amounts of system resources                  
                due to an input validation error when matching                                  
filenames containing wildcard characters.                        
                                                                                                                                                                 
Patch Availability                                                              
- ------------------                                                             
                                                                                A 
patch for Samba 3.0.7 has been attached to this announcement.                 
The patch has been signed with the "Samba Distribution Verification              
Key"  (key id F17F9772).                                                         
                                                                                 
                                                                                 
Description                                                                      
- -----------                                                                                                                                                    
A bug in the input validation routines used to match                            
filename strings containing wildcard characters may allow                        
a user to consume more than normal amounts of CPU cycles                         
thus impacting the performance and response of the server.                       
In some circumstances the server can become entirely                            
unresponsive.                                                                    
 
Protecting Unpatched Servers                                                    
- ----------------------------                                                   
                                                                                The 
Samba Team always encourages users to run the latest stable                  
release as a defense of against attacks.  However, under certain                 
circumstances it may not be possible to immediately upgrade                     
important installations.  In such cases, administrators should                   
read the "Server Security" documentation found at                               
http://www.samba.org/samba/docs/server_security.html.                            
                                                                                 
                                                                                 
Credits                                                                          
- --------                                                                       
                                                                                 
This security issue was reported to Samba developers by                         
iDEFENSE (http://www.idefense.com/).  Karol Wiesek is credited                   
with this discovery.                                                             
                                                                                                                                                                 
                                                                                - 
--                                                                             
Our Code, Our Bugs, Our Responsibility.                                                                                                                          
                                -- The Samba Team
Comment 1 Marcus Meissner 2004-11-08 16:20:22 UTC 
<!-- SBZ_reproduce  -->
n/a
Comment 2 Marcus Meissner 2004-11-08 16:21:30 UTC 
Created attachment 25863 [details]
samba-3.0.7-CAN-2004-0930.patch

patch to fix issue.
Comment 3 Lars Müller 2004-11-08 17:58:15 UTC 
Start to work on the fix for SLES 9, 9.1, and 9.2.
Comment 4 Lars Müller 2004-11-08 19:03:26 UTC 
Packages fixed, mbuilt, and submitted for SLES9 and 9.2.  Patchinfo files
written and submitted.  Assign to the securtity-team for further processing.
Comment 5 Marcus Meissner 2004-11-08 21:38:36 UTC 
thanks. i wrote a luafzettel already, waiting for checkin and qa now.
Comment 6 Lars Müller 2004-11-12 00:47:21 UTC 
Connect to a share with smbclient and call

dir ***********************************************a
Comment 7 Thomas Biege 2004-11-16 20:45:49 UTC 
packages approved, advisory released.
Comment 8 Thomas Biege 2009-10-13 19:58:57 UTC 
CVE-2004-0930: CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)