Hewlett-Packard Company Information for VU#267873

Samba contains multiple buffer overflows

Status

Affected

Vendor Statement

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 ---------------------------------------
Source:

 Source: HEWLETT-PACKARD COMPANY
              Software Security Response Team


 Published: SECURITY BULLETIN

          HPSBUX0304-254

 Originally issued: 09 April 2003

 SSRT3536 Potential Security Vulnerability in
                   CIFS/9000 Server

    CIFS/9000 Server is potentially vulnerable to altered
   SMB/CIFS network messages.

    Note:  Although having similar descriptions, this is a
              different vulnerability from that described in
              HPSBUX0303-251 SSRT3509 Potential Security
              Vulnerability in CIFS/9000 Server.
   Using the fix described in this bulletin will correct both
   vulnerabilities.

    NOTE: Using your itrc account security bulletins can be
   found here:
   
http://itrc.hp.com/cki/bin/doc.pl/screen=ckiSecurityBulletin

    Note: The following are not vulnerable:
   --------------------------------------------

            HP OpenVMS
           HP NonStop Servers
           HP Secure Web Servers for HP Tru64 UNIX
           HP Secure Web Servers for HP Tru64 OpenVMS


To report potential security vulnerabilities in HP software,
send an E-mail message to:
mailto:security-alert@hp.com



-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.1

iQA/AwUBPpSZhDnTu2ckvbFuEQK9vQCeKGkqYmGB1hvQktsd4zzCVbUTPjUAoN1V
rYSaNyLeXqcqGvdb0U+hIwVa
=59Tc
-----END PGP SIGNATURE-----

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.