CVE-2010-3069

Published: 14 September 2010

Stack-based buffer overflow in the (1) sid_parse and (2) dom_sid_parse functions in Samba before 3.5.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted Windows Security ID (SID) on a file share.

Priority

Status

Package	Release	Status
samba Launchpad, Ubuntu, Debian	upstream	Released (3.5.5)
	dapper	Released (3.0.22-1ubuntu3.13)
	hardy	Released (3.0.28a-1ubuntu4.13)
	jaunty	Released (2:3.3.2-1ubuntu3.6)
	karmic	Released (2:3.4.0-3ubuntu5.7)
	lucid	Released (2:3.4.7~dfsg-1ubuntu3.2)
	This vulnerability is mitigated in part by the use of gcc's stack protector in Ubuntu.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3069
https://ubuntu.com/security/notices/USN-987-1
NVD
Launchpad
Debian

Bugs

https://bugzilla.samba.org/show_bug.cgi?id=7669

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›