reinit the tree, so we can have metadata

1 files changed, 69 insertions, 0 deletions

diff --git a/metadata/glsa/glsa-200409-16.xml b/metadata/glsa/glsa-200409-16.xml
new file mode 100644
index 000000000000..420837d7c779
--- /dev/null
+++ b/metadata/glsa/glsa-200409-16.xml
@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200409-16">
+  <title>Samba: Denial of Service vulnerabilities</title>
+  <synopsis>
+    Two Denial of Service vulnerabilities have been found and fixed in Samba.
+  </synopsis>
+  <product type="ebuild">Samba</product>
+  <announced>2004-09-13</announced>
+  <revised>2004-09-13: 01</revised>
+  <access>remote</access>
+  <affected>
+    <package name="net-fs/samba" auto="yes" arch="*">
+      <unaffected range="ge">3.0.7</unaffected>
+      <unaffected range="lt">3.0</unaffected>
+      <vulnerable range="lt">3.0.7</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Samba is a freely available SMB/CIFS implementation which allows seamless
+    interoperability of file and print services to other SMB/CIFS clients. smbd
+    and nmbd are two daemons used by the Samba server.
+    </p>
+  </background>
+  <description>
+    <p>
+    There is a defect in smbd's ASN.1 parsing. A bad packet received during the
+    authentication request could throw newly-spawned smbd processes into an
+    infinite loop (CAN-2004-0807). Another defect was found in nmbd's
+    processing of mailslot packets, where a bad NetBIOS request could crash the
+    nmbd process (CAN-2004-0808).
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A remote attacker could send specially crafted packets to trigger both
+    defects. The ASN.1 parsing issue can be exploited to exhaust all available
+    memory on the Samba host, potentially denying all service to that server.
+    The nmbd issue can be exploited to crash the nmbd process, resulting in a
+    Denial of Service condition on the Samba server.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Samba 3.x users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge sync
+
+    # emerge -pv "&gt;=net-fs/samba-3.0.7"
+    # emerge "&gt;=net-fs/samba-3.0.7"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0807">CAN-2004-0807</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0808">CAN-2004-0808</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2004-09-11T15:16:21Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-09-13T12:15:40Z">
+    jaervosz
+  </metadata>
+</glsa>