CVE-2011-0719

Published: 28 February 2011

Samba 3.x before 3.3.15, 3.4.x before 3.4.12, and 3.5.x before 3.5.7 does not perform range checks for file descriptors before use of the FD_SET macro, which allows remote attackers to cause a denial of service (stack memory corruption, and infinite loop or daemon crash) by opening a large number of files, related to (1) Winbind or (2) smbd.

Priority

Status

Package	Release	Status
samba Launchpad, Ubuntu, Debian	upstream	Released (3.5.7)
	dapper	Released (3.0.22-1ubuntu3.14)
	hardy	Released (3.0.28a-1ubuntu4.14)
	karmic	Released (2:3.4.0-3ubuntu5.8)
	lucid	Released (2:3.4.7~dfsg-1ubuntu3.4)
	maverick	Released (2:3.5.4~dfsg-1ubuntu8.3)

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0719
http://www.samba.org/samba/security/CVE-2011-0719
https://ubuntu.com/security/notices/USN-1075-1
NVD
Launchpad
Debian

Bugs

https://bugzilla.samba.org/show_bug.cgi?id=7949

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›