the appropriate security concern. For complete information, follow the
link to full release notes for each release.</p>
+</table>
+
<table align="center" cellpadding="5" cellspacing="5">
<th colspan="6">Samba Security Releases</th>
- <tr align="center">
+ <tr align="center" valign="bottom">
<td><em>Date Issued</em></td>
<td><em>Download (Gzipped)</em></td>
<td><em>Known Issue(s)</em></td>
<td><em>CVE ID #</em></td>
<td><em>Complete Release Notes</em></td>
</tr>
- <tr align="center">
- <td>9 February 2004</td>
+
+ <tr align="center" valign="top">
+ <td>22 Jul 2004</td>
+ <td><a href="/samba/ftp/samba-3.0.5.tar.gz">Samba 3.0.5</a></td>
+ <td align="left">Two potential buffer overruns</td>
+ <td>>=3.0.2</td>
+ <td><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0600">CAN-2004-0600</a>,
+ <a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-06086">CAN-2004-0686</a>
+ </td>
+ <td><a href="/samba/whatsnew/samba-3.0.5.html">release notes</a></td>
+ </tr>
+
+ <tr align="center" valign="top">
+ <td>22 Jul 2004</td>
+ <td><a href="/samba/ftp/samba-2.2.10.tar.gz">Samba 2.2.10</a></td>
+ <td align="left">Buffer overrun in hash mangling method</td>
+ <td>all 2.2 releases</td>
+ <td><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-06086">CAN-2004-0686</a>
+ </td>
+ <td><a href="/samba/whatsnew/samba-2.2.10.html">release notes</a></td>
+ </tr>
+
+ <tr align="center" valign="top">
+ <td>9 Feb 2004</td>
<td><a href="/samba/ftp/old-versions/samba-3.0.2a.tar.gz">Samba 3.0.2a</a></td>
<td align="left">Password initialization bug that could grant
-an attacker unauthorized
-access to a user account created by the mksmbpasswd.sh shell script.</td>
- <td>Previous versions of Samba 3.0</td>
+ an attacker unauthorized
+ access to a user account created by the mksmbpasswd.sh shell script.</td>
+ <td>>=3.0.0</td>
<td><a
-href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0082">CAN-2004-
-0082</a></td>
+ href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0082">CAN-2004-0082</a></td>
<td><a href="/samba/whatsnew/samba-3.0.2a.html">release notes</a></td>
</tr>
- <tr align="center">
- <td>7 April 2003</td>
+
+ <tr align="center" valign="top">
+ <td>7 Apr 2003</td>
<td><a href="/samba/ftp/old-versions/samba-2.2.8a.tar.gz">Samba 2.2.8a</a></td>
<td align="left">Buffer overrun condition in the SMB/CIFS packet fragment
-re-assembly code in smbd which would allow an attacker to cause smbd
-to overwrite arbitrary areas of memory in its own process address
-space. An attacker could inject binary specific exploit code into smbd.</td>
- <td>All releases from Samba 2.0.x to 2.2.7a inclusive</td>
+ re-assembly code.</td>
+ <td>all 2.0 releases and <= 2.2.8</td>
<td><a
-href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0201">CAN-2003-
-0201</a></td>
- <td><a href="/samba/whatsnew/samba-2.2.8.html">release notes</a></td>
+ href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0201">CAN-2003-0201</a></td>
+ <td><a href="/samba/whatsnew/samba-2.2.8a.html">release notes</a></td>
</tr>
- <tr align="center">
- <td>10 December 2002</td>
+
+ <tr align="center" valign="top">
+ <td>10 Dec 2002</td>
<td><a href="/samba/ftp/old-versions/samba-2.2.7a.tar.gz">Samba 2.2.7a</a></td>
<td align="left">Bug in the length checking for encrypted password change
-requests from clients. An attacker could potentially send an encrypted
-password, which, when ecrypted with the old hashed password could be used as a
-buffer overrun attack on the stack of smbd.</td>
- <td>All releases from Samba 2.2.2 to 2.2.6 inclusive</td>
+ requests from clients.</td>
+ <td>2.2.2 - 2.2.6</td>
<td><a
-href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0201">CAN-2003-
-0201</a> & <a
-href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0085">CAN-2003-
-0085</a></td>
+ href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0201">CAN-2003-0201</a> , <a
+ href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0085">CAN-2003-0085</a></td>
<td><a href="/samba/whatsnew/samba-2.2.7a.html">release notes</a></td>
</tr>
</table>
+<br>
+<table border=0 width="75%" align="center">
+ <tr><td></td><td align="left">
+
+
<p><em>If you suspect you have discovered a serious security hole in a
Samba
release, please send an email to <a
href="mailto:security@samba.org">security@samba.org</a>.</em></p>
-<!--#include virtual="/samba/footer.html" -->
\ No newline at end of file
+<!--#include virtual="/samba/footer.html" -->
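Review bot: The CAN-2004-0686 links in the two new 22 Jul 2004 rows (Samba 3.0.5 and Samba 2.2.10) point at `name=CAN-2004-06086`, which does not match the link text, so both hrefs should read `name=CAN-2004-0686`. The new affected-version cells also put raw comparison operators into the markup (`<td>>=3.0.2</td>`, `<td>>=3.0.0</td>`, `all 2.0 releases and <= 2.2.8`); escape them as `&gt;=` and `&lt;=` so they are parsed as cell text. The header row shown in the context lines has five cells while every data row has six, so the affected-versions column has no heading here and one should be added while these rows are being reworked. The 2.2.7a row still lists CAN-2003-0201, the same ID as the 2.2.8a row, which is worth confirming against the release notes before this goes live.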