USN-314-1: samba vulnerability

13 July 2006

samba vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 6.06 LTS
  • Ubuntu 5.10
  • Ubuntu 5.04

Software Description

Details

The Samba security team reported a Denial of Service vulnerability in the handling of information about active connections. In certain circumstances an attacker could continually increase the memory usage of the smbd process by issuing a large number of share connection requests. By draining all available memory, this could be exploited to render the remote Samba server unusable.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 6.06 LTS
samba - 3.0.22-1ubuntu3.1
Ubuntu 5.10
samba - 3.0.14a-6ubuntu1.1
Ubuntu 5.04
samba - 3.0.10-1ubuntu3.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system upgrade is sufficient to effect the necessary changes.

References