FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-05-02 10:37:19 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
1583640d-be20-11dd-a578-0030843d3802	samba -- potential leakage of arbitrary memory contents Samba Team reports: Samba 3.0.29 and beyond contain a change to deal with gcc 4 optimizations. Part of the change modified range checking for client-generated offsets of secondary trans, trans2 and nttrans requests. These requests are used to transfer arbitrary amounts of memory from clients to servers and back using small SMB requests and contain two offsets: One offset (A) pointing into the PDU sent by the client and one (B) to direct the transferred contents into the buffer built on the server side. While the range checking for offset (B) is correct, a cut and paste error lets offset (A) pass completely unchecked against overflow. The buffers passed into trans, trans2 and nttrans undergo higher-level processing like DCE/RPC requests or listing directories. The missing bounds check means that a malicious client can make the server do this higher-level processing on arbitrary memory contents of the smbd process handling the request. It is unknown if that can be abused to pass arbitrary memory contents back to the client, but an important barrier is missing from the affected Samba versions. Discovery 2008-11-27 Entry 2008-11-29 samba samba3 ja-samba ge 3.0.29,1 lt 3.0.32_2,1 samba32-devel < 3.2.4_1 CVE-2008-4314 http://www.samba.org/samba/security/CVE-2008-4314.html http://secunia.com/advisories/32813/

VuXML ID

Description

1583640d-be20-11dd-a578-0030843d3802

samba -- potential leakage of arbitrary memory contents

Samba Team reports:

Samba 3.0.29 and beyond contain a change to deal with gcc 4 optimizations. Part of the change modified range checking for client-generated offsets of secondary trans, trans2 and nttrans requests. These requests are used to transfer arbitrary amounts of memory from clients to servers and back using small SMB requests and contain two offsets: One offset (A) pointing into the PDU sent by the client and one (B) to direct the transferred contents into the buffer built on the server side. While the range checking for offset (B) is correct, a cut and paste error lets offset (A) pass completely unchecked against overflow.

The buffers passed into trans, trans2 and nttrans undergo higher-level processing like DCE/RPC requests or listing directories. The missing bounds check means that a malicious client can make the server do this higher-level processing on arbitrary memory contents of the smbd process handling the request. It is unknown if that can be abused to pass arbitrary memory contents back to the client, but an important barrier is missing from the affected Samba versions.

Discovery 2008-11-27
Entry 2008-11-29
samba
samba3
ja-samba

ge 3.0.29,1 lt 3.0.32_2,1

samba32-devel

< 3.2.4_1

CVE-2008-4314
http://www.samba.org/samba/security/CVE-2008-4314.html
http://secunia.com/advisories/32813/