Precompiled packages for various platforms are available in the
<a href="http://download.samba.org/samba/ftp/Binary_Packages/">Binary_Packages
download area</a>.</p>
-
+
+ <p class="headline">Security Notice -- CVE CAN-2004-0930</p>
+
+ <p>A security vulnerability has been located in Samba 3.0.x <= 3.0.7.
+ A bug in the input validation routines used to match
+ filename strings containing wildcard characters may allow
+ a user to consume more than normal amounts of CPU cycles
+ thus impacting the performance and response of the server.
+ In some circumstances the server can become entirely
+ unresponsive. The <a href="/samba/security/CAN-2004-0930.html">full security announcement</a>
+ is available online.</p>
+
+ <p>A <a href="/samba/ftp/patches/security/samba-3.0.7-CAN-2004-0930.patch">patch
+ for Samba 3.0.7</a> (<a href="/samba/ftp/patches/security/samba-3.0.7-CAN-2004-0930.patch.asc">signature</a>)
+ is available for those not wishing to upgrade to Samba 3.0.8.</p>
+
<h4><a>26 October 2004</a></h4>
<p class="headline">Samba 3.0.8pre2 Available for Download</p>
--- /dev/null
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+
+<head>
+<title>Samba - Security Announcement Archive</title>
+</head>
+
+<body>
+
+ <H2>CAN-2004-0807 and CAN-2005-0808: Samba 3.0.x <= 3.0.6 DoS Vulnerabilities</H2>
+
+<p>
+<pre>
+Subject: Samba 3.0.x Denial of Service Flaw
+CVE #: CAN-2004-0807, CAN-2005-0808
+Affected
+Versions: Samba 3.0.x <= 3.0.6
+Summary: (i) A DoS bug in smbd may allow an
+ unauthenticated user to cause smbd to
+ spawn new processes each one entering
+ an infinite loop. After sending a sufficient
+ amount of packets it is possible to exhaust
+ the memory resources on the server.
+
+ (ii) A DoS bug in nmbd may allow an attacker
+ to remotely crash the nmbd daemon.
+
+
+Patch Availability
+------------------
+
+The patch file for Samba 3.0.5 addressing both bugs (samba-3.0.5-DoS.patch)
+can be downloaded from
+
+ http://www.samba.org/samba/ftp/patches/security/
+
+The patch has been signed with the "Samba Distribution Verification
+Key" (ID 2F87AF6F).
+
+
+Description
+-----------
+
+CAN-2004-0807: A defect in smbd's ASN.1 parsing allows an
+attacker to send a specially crafted packet during the
+authentication request which will send the newly spawned
+smbd process into an infinite loop. Given enough of these
+packets, it is possible to exhaust the available memory
+on the server.
+
+CAN-2004-0808: A defect in nmbd's process of mailslot packets
+can allow an attacker to anonymously crash nmbd.
+
+
+Protecting Unpatched Servers
+----------------------------
+
+The Samba Team always encourages users to run the latest stable
+release as a defense of against attacks. However, under certain
+circumstances it may not be possible to immediately upgrade
+important installations. In such cases, administrators should
+read the "Server Security" documentation found at
+http://www.samba.org/samba/docs/server_security.html.
+
+
+Credits
+--------
+
+Both security issues were reported to Samba developers by
+iDEFENSE (http://www.idefense.com/). The defect discovery
+was anonymously reported to iDEFENSE via their Vulnerability
+Contributor Program (http://www.idefense.com/poi/teams/vcp.jsp).
+
+
+--
+Our Code, Our Bugs, Our Responsibility.
+
+ -- The Samba Team
+</pre>
+
+</body>
+</html>
--- /dev/null
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+
+<head>
+<title>Samba - Security Announcement Archive</title>
+</head>
+
+<body>
+
+ <H2>CAN-2004-0815: Potential Arbitrary File Access in Samba 2.2.x <=2.2.11 and 3.0.x <= 3.0.2a</H2>
+
+<p>
+<pre>
+Subject: Potential Arbitrary File Access
+CVE #: CAN-2004-0815
+Affected
+Versions: Samba 2.2.x <= 2.2.11 and Samba 3.0.x <= 3.0.2a
+
+Summary: A remote attacker may be able to gain access
+ to files which exist outside of the share's
+ defined path. Such files must still be readable
+ by the account used for the connection.
+
+
+Patch Availability
+------------------
+The patch for Samba 3.0.2a and earlier releases 3.0.x
+(samba-3.0.2a-reduce_name.patch) can be downloaded
+from http://www.samba.org/samba/ftp/patches/security/
+
+Samba 2.2.12 has been released to specifically address
+this bug.
+
+
+Description
+-----------
+
+A bug in the input validation routines used to convert DOS
+path names to path names on the Samba host's file system
+may be exploited to gain access to files outside of the
+share's path defined by smb.conf.
+
+
+Protecting Unpatched Servers
+----------------------------
+
+Samba file shares with 'wide links = no' (a non-default setting)
+in the service definition in smb.conf are *not* vulnerable to
+this attack.
+
+The Samba Team always encourages users to run the latest stable
+release as a defense of against attacks. However, under certain
+circumstances it may not be possible to immediately upgrade
+important installations. In such cases, administrators should
+read the "Server Security" documentation found at
+http://www.samba.org/samba/docs/server_security.html.
+
+
+Credits
+--------
+
+Both security issues were reported to Samba developers by
+iDEFENSE (http://www.idefense.com/). Karol Wiesek is credited
+with this discovery.
+
+
+--
+Our Code, Our Bugs, Our Responsibility.
+
+ -- The Samba Team
+</pre>
+
+</body>
+</html>
--- /dev/null
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+
+<head>
+<title>Samba - Security Announcement Archive</title>
+</head>
+
+<body>
+
+ <H2>CAN-2004-0930: Potential Remote Denial of Service Vulnerability in Samba 3.0.x <= 3.0.7</H2>
+
+<p>
+<pre>
+Subject: Potential Remote Denial of Service
+CVE #: CAN-2004-0930
+Affected
+Versions: Samba 3.0.x <= 3.0.7
+
+Summary: A remote attacker could cause and smbd process
+ to consume abnormal amounts of system resources
+ due to an input validation error when matching
+ filenames containing wildcard characters.
+
+
+Patch Availability
+------------------
+
+A patch for Samba 3.0.7 (samba-3.0.7-CAN-2004-0930.patch) is
+available from http://www.samba.org/samba/ftp/patches/security/.
+The patch has been signed with the "Samba Distribution Verification
+Key" (ID F17F9772).
+
+
+Description
+-----------
+
+A bug in the input validation routines used to match
+filename strings containing wildcard characters may allow
+a user to consume more than normal amounts of CPU cycles
+thus impacting the performance and response of the server.
+In some circumstances the server can become entirely
+unresponsive.
+
+
+Protecting Unpatched Servers
+----------------------------
+
+The Samba Team always encourages users to run the latest stable
+release as a defense of against attacks. However, under certain
+circumstances it may not be possible to immediately upgrade
+important installations. In such cases, administrators should
+read the "Server Security" documentation found at
+http://www.samba.org/samba/docs/server_security.html.
+
+
+Credits
+--------
+
+This security issue was reported to Samba developers by
+iDEFENSE (http://www.idefense.com/). Karol Wiesek is credited
+with this discovery.
+
+
+
+--
+Our Code, Our Bugs, Our Responsibility.
+
+ -- The Samba Team
+</pre>
+
+</body>
+</html>