Samba · Samba · CVE-2004-0829
Name of the Vulnerable Software and Affected Versions:
Samba versions prior to 2.2.11
Samba versions 3.0.6 rc1 and prior
Description:
A denial of service condition can be triggered in Samba servers by sending out-of-sequence printer ChangeNotify requests, which cause a memory access violation and terminate the server process. The condition occurs when a FindNextPrintChangeNotify request is sent without a previous FindFirstPrintChangeNotify.
Recommendations:
For Samba versions prior to 2.2.11, update to version 2.2.11 or later to resolve the issue.
For Samba versions 3.0.6 rc1 and prior, update to a version later than 3.0.6 rc1 to resolve the issue.
As a temporary workaround, consider restricting access to ChangeNotify requests to minimize the risk of exploitation.
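
A version-range check for the affected versions and recommendations above, as an added example that is not part of the original advisory. The function names, the pre-release ordering (alpha < beta < pre < rc < release) and the sample inventory are assumptions; a distribution package may carry a backported fix that the version string does not reveal.

```python
import re

# Matches "3.0.6", "3.0.6rc1", "3.0.6 rc1", "2.2.8a", "Version 2.2.10".
_VERSION_RE = re.compile(
    r"(\d+)\.(\d+)\.(\d+)"
    r"(?:[\s._-]*(alpha|beta|pre|rc)[\s._-]*(\d*)(?![a-z]))?", re.I)

# Assumed ordering of pre-release stages; a plain release sorts last.
_STAGE = {"alpha": 0, "beta": 1, "pre": 2, "rc": 3, "": 4}
_FINAL = _STAGE[""]

# Boundaries taken from the advisory text.
FIRST_FIXED_2X = (2, 2, 11, _FINAL, 0)         # prior to 2.2.11: affected
LAST_AFFECTED_3X = (3, 0, 6, _STAGE["rc"], 1)  # 3.0.6 rc1 and prior: affected


def parse_samba_version(text):
    """Return a sortable key (major, minor, patch, stage, stage_number)."""
    m = _VERSION_RE.search(text)
    if m is None:
        raise ValueError("no Samba version found in %r" % text)
    major, minor, patch = (int(g) for g in m.group(1, 2, 3))
    stage = (m.group(4) or "").lower()
    # A letter suffix such as the "a" in 2.2.8a does not change the verdict.
    return (major, minor, patch, _STAGE[stage], int(m.group(5) or 0))


def is_affected(text):
    """True if the version falls in a range the advisory lists as affected."""
    key = parse_samba_version(text)
    if key[0] < 3:
        # Pre-releases of 2.2.11 sort before the final and count as "prior".
        return key < FIRST_FIXED_2X
    return key <= LAST_AFFECTED_3X


if __name__ == "__main__":
    # Constructed sample inventory (hostnames and banners are made up).
    inventory = {
        "files01": "Version 2.2.10",
        "files02": "Version 3.0.6rc1",
        "print01": "Version 3.0.6",
    }
    for host, banner in sorted(inventory.items()):
        verdict = "AFFECTED, upgrade" if is_affected(banner) else "ok"
        print("%-8s %-18s %s" % (host, banner, verdict))
```
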