Samba 3.5.5 security release

Samba is the standard Windows interoperability suite of programs for Linux and Unix.

Samba 3.5.5 is a security release that addresses CVE-2010-3069.

All Samba versions released until now are vulnerable to a buffer overrun. The sid_parse() function (and the related dom_sid_parse() function in the source4 code) does not correctly check its input lengths when reading a binary representation of a Windows SID (Security ID).

This allows a malicious client to send a SID that can overflow the stack variable that is being used to store the SID in the Samba smbd server.
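
The length checks described above, shown as an added example that is not Samba's code or the actual patch. The names sid_example and sid_parse_checked are hypothetical, and the sample bytes are constructed; the layout and the limit of 15 sub-authorities follow the Windows binary SID format.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SID_MAX_SUB_AUTHS 15 /* maximum in the Windows binary SID format */

struct sid_example { /* hypothetical type, not Samba's own struct */
    uint8_t rev, num_auths, id_auth[6];
    uint32_t sub_auths[SID_MAX_SUB_AUTHS]; /* fixed-size destination */
};

/* Binary SID: 1-byte revision, 1-byte sub-authority count, 6-byte identifier
 * authority, then count * 4-byte little-endian sub-authorities.
 * Returns false rather than writing past sub_auths[] or reading past in[]. */
bool sid_parse_checked(const uint8_t *in, size_t len, struct sid_example *out)
{
    if (in == NULL || out == NULL || len < 8)
        return false; /* fixed header is 8 bytes */
    uint8_t count = in[1];
    if (count > SID_MAX_SUB_AUTHS)
        return false; /* client-supplied count would overflow sub_auths[] */
    if (len < 8 + (size_t)count * 4)
        return false; /* input is shorter than the count claims */

    memset(out, 0, sizeof(*out));
    out->rev = in[0];
    out->num_auths = count;
    memcpy(out->id_auth, in + 2, 6);
    for (size_t i = 0; i < count; i++) {
        const uint8_t *p = in + 8 + i * 4;
        out->sub_auths[i] = (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
                            ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
    }
    return true;
}

/* Constructed sample input: S-1-5-32-544 in wire form. */
static const uint8_t sample_sid[] = {
    0x01, 0x02, 0, 0, 0, 0, 0, 0x05, 0x20, 0, 0, 0, 0x20, 0x02, 0, 0
};

int main(void)
{
    struct sid_example s;
    bool ok = sid_parse_checked(sample_sid, sizeof(sample_sid), &s);
    printf("parsed=%d sub_auths=%u\n", ok, ok ? (unsigned)s.num_auths : 0u);
    return 0;
}
```

Both checks matter: the count check protects the fixed-size destination, and the length check stops the parser from reading beyond the bytes the client actually sent.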



