Applies to: Centrify-Enabled Samba 3.3.9-4.3.1-145 or lower
Does the Samba security alert - CVE-2010-3069 (below) affect Centrify-Enabled Samba?
All current released versions of Samba are vulnerable to a buffer overrun vulnerability. The sid_parse() function (and related dom_sid_parse() function in the source4 code) do not correctly check their input lengths when reading a binary representation of a Windows SID (Security ID). This allows a malicious client to send a sid that can overflow the stack variable that is being used to store the SID in the Samba smbd server.
A connection to a file share is needed to exploit this vulnerability, either authenticated or unauthenticated (guest connection).
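The input-length checking that the alert says is missing can be illustrated with a bounds-checked binary SID parser. This is an added example, not Samba's or Centrify's code: the function and struct names are hypothetical, and it assumes the standard Windows SID wire layout (1-byte revision, 1-byte sub-authority count, 6-byte authority, then 32-bit little-endian sub-authorities, at most 15).

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Added example: all names here are illustrative, not Samba's own. */
#define SID_MAX_SUB_AUTHS 15  /* Windows limit on sub-authorities in a SID */
#define SID_HEADER_LEN    8   /* revision(1) + count(1) + authority(6) */

struct sid {
    uint8_t  revision;
    uint8_t  num_auths;
    uint8_t  id_auth[6];
    uint32_t sub_auths[SID_MAX_SUB_AUTHS];  /* fixed-size destination */
};

/* Parse a binary SID from an untrusted buffer.
 * Returns 1 on success, 0 if the input is truncated or the
 * sub-authority count does not fit the destination array. */
int sid_parse_checked(const uint8_t *in, size_t len, struct sid *out)
{
    if (in == NULL || out == NULL || len < SID_HEADER_LEN)
        return 0;

    uint8_t count = in[1];
    /* Check 1: the client-supplied count must fit the fixed-size array. */
    if (count > SID_MAX_SUB_AUTHS)
        return 0;
    /* Check 2: the buffer must really contain that many 32-bit values. */
    if (len < SID_HEADER_LEN + (size_t)count * 4)
        return 0;

    memset(out, 0, sizeof(*out));
    out->revision = in[0];
    out->num_auths = count;
    memcpy(out->id_auth, in + 2, 6);
    for (uint8_t i = 0; i < count; i++) {
        const uint8_t *p = in + SID_HEADER_LEN + (size_t)i * 4;
        /* Sub-authorities are little-endian on the wire. */
        out->sub_auths[i] = (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
                            ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
    }
    return 1;
}
```

Both checks run before any byte is copied, so a rejected SID never touches the destination structure.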
CVE-2010-3069 affects all versions of Samba from 3.0 to 3.5, so our current Centrify-Enabled Samba 3.3.9-4.3.1-145 is also affected and needs to be patched. We are currently working to deliver a patched Samba release as soon as possible. An email notification will be sent to all customers as soon as it is available.
To subscribe to further security notices, please click on the forum links below and choose to "Watch" them for updates.
Centrify Corporation does not take any responsibility for the content or availability of this link; it was provided as a courtesy. Customers should contact the vendor if there are any further questions.