On Wed, Sep 29, 2010 at 03:51:01PM +0530, ssamba321 s321 wrote: > We are trying to fix the CVE-2010-3069 ( Buffer Overrun Vulnerability ) in > the Samba 3.0.28a Source code. > According to Samba-3.3.13-CVE-2010-3069 patch, we have changed the code > of Samba 3.0.28a.We are unable to modify > samba-3.0.28a(source/smbd/nttrance.c ) code due to following reason. > > In the Samba-3.3-13 /source/smbd/nttrance.c we are using "req" that of > "struct smb_request" type as a parameter in the call_nt_transact_ioctl , > call_nt_transact_get_user_quota and call_nt_transact_set_user_quota > functions.But there is no "req" in the 3.0.28a code.We are facing the > problem where we have to change the code of Samba 3.0.28.a. > > > Any suggestions please help us...
Sorry, but the Samba Team has discontinued support for 3.0 more than a year ago. However, quite a few distributors like RedHat and probably debian have backported the security to their shipped versions of Samba 3.0. ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/samba-3.0.33-0.19.el4_8.3.src.rpm is the current RedHat RPM. Contained in that RPM is a file called samba-3.0.37-CVE-2010-3069.patch, which might be a bit closer to what you need. Volker -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
