------------------------------------------------------------------------
Debian Security Advisory DSA-262-1                   security@debian.org 
Debian -- Security Information                          Wichert Akkerman
March 15, 2003
------------------------------------------------------------------------


Package        : samba
Problem type   : remote exploit
Debian-specific: no
CVE ids        : CAN-2003-0085 CAN-2003-0086

Sebastian Krahmer of the SuSE security audit team found two problems
in samba, a popular SMB/CIFS implementation. The problems are:

* a buffer overflow in the SMB/CIFS packet fragment re-assembly code
  used by smbd.  Since smbd runs as root an attacker can use this to
  gain root access to a machine running smbd.

* the code to write reg files was vulnerable for a chown race which made
  it possible for a local user to overwrite system files

Both problems have been fixed in upstream version 2.2.8, and version
2.2.3a-12.1 of package for Debian GNU/Linux 3.0/woody.

------------------------------------------------------------------------

Obtaining updates:

  By hand:
    wget URL
        will fetch the file for you.
    dpkg -i FILENAME.deb
        will install the fetched file.

  With apt:
    deb  Debian -- Security Information  stable/updates main
        added to /etc/apt/sources.list will provide security updates

Additional information can be found on the Debian security webpages
at  Debian -- Security Information 

------------------------------------------------------------------------


Debian GNU/Linux 2.2 alias potato
---------------------------------

  No fixes for potato are available at this moment.


Debian GNU/Linux 3.0 alias woody
--------------------------------

  Woody was released for alpha, arm, hppa, i386, ia64, m68k, mips, mipsel,
  powerpc, s390 and sparc. Updated packages for m68k are not available
  at this moment.

  Source archives:

      
      Size/MD5 checksum:     1417 f8ba1f1c191d72245498fe8517b34dfb
      
      Size/MD5 checksum:  5460531 b6ec2f076af69331535a82b586f55254
      
      Size/MD5 checksum:   105954 c4f722541096dbdc492b3e37d532a457

  Architecture independent packages:

      
      Size/MD5 checksum:  2446596 09b98f69fe6fa23543824c13c5ef98c5

  alpha architecture (DEC Alpha)

      
      Size/MD5 checksum:   622740 53102afe9bc7357abaac9e6d163cff15
      
      Size/MD5 checksum:   600148 cdb00b063309e1bc314c013a2ab7df9d
      
      Size/MD5 checksum:  1131054 9cf909b0e8b1a71945addbdb0a5b4051
      
      Size/MD5 checksum:   949532 3310dbdefcc1062ad3d940df6448d106
      
      Size/MD5 checksum:  1106444 26f1822f7a466d546b8d131e244b9403
      
      Size/MD5 checksum:  2955638 108a1e79c6e0f4d35d239fa0da5d2af2
      
      Size/MD5 checksum:   415342 1e0d39fbdd1b4adabc4e83efc9652ade
      
      Size/MD5 checksum:   489330 4cc41e31ca14bca6c627885bf4158306
      
      Size/MD5 checksum:  1155752 96fc4d4fba8d5144eca524dab0d3f676

  arm architecture (ARM)

      
      Size/MD5 checksum:   999684 e9a198658e31008f2029911fa8f3e6c6
      
      Size/MD5 checksum:   829522 62dec09d61eacb27021e2bd7285a1485
      
      Size/MD5 checksum:   555796 cf1ed859a65e3918290b046ebb94714e
      
      Size/MD5 checksum:   460742 b76711eedb3c58557919017bef9b66f3
      
      Size/MD5 checksum:  1021712 6274000513467291e4e2e636e49e3caa
      
      Size/MD5 checksum:   546112 1e971721816bd8c5dfdc76e853adc81f
      
      Size/MD5 checksum:   972556 2b2785914b1de3cd4f5b54a71aafa977
      
      Size/MD5 checksum:  2541432 52be6e56a2870f7bbb88ed00fb4e6197
      
      Size/MD5 checksum:   396296 ba0077d84e96b8de2958a1a3d0b0c7ab

  hppa architecture (HP PA RISC)

      
      Size/MD5 checksum:  2790802 666ba6b6075a9c43d44cee7d66ed654d
      
      Size/MD5 checksum:   589754 6d80091312fc5a721ab3216785fd8d73
      
      Size/MD5 checksum:  1081314 09ea41541c03f8e1c7da6a6c3e6bb437
      
      Size/MD5 checksum:   490812 2757ce04bf7ba705992ef6c5b42da943
      
      Size/MD5 checksum:  1084730 84eb32632058606e10dfc8b4d7a72552
      
      Size/MD5 checksum:   589142 df11a8ed279bcc3461ca8a2a08c5e1db
      
      Size/MD5 checksum:   901054 75e9ed419e91cce810e286f245b7a5ed
      
      Size/MD5 checksum:   419358 a90c8c66a1370a973a8d757c112704e0
      
      Size/MD5 checksum:  1059718 c8bcd60bc3d799753215fffd840aec78

  i386 architecture (Intel ia32)

      
      Size/MD5 checksum:   953846 2ddc41e683b123557c4f95a6d729f650
      
      Size/MD5 checksum:  2417120 40e0ab43c7c2a05b4321acfe5b3ae92a
      
      Size/MD5 checksum:   535058 641d95a5c5a27922448fad10b9b8faf5
      
      Size/MD5 checksum:   930150 ffb594a4b2b89818b05fab828d3cbc2f
      
      Size/MD5 checksum:   446010 91462c2c5f11ded29d923b1056d4a7f5
      
      Size/MD5 checksum:   793204 d82a61e9731f157a20f26748e3301b5a
      
      Size/MD5 checksum:   993054 27c24ec813a504eb098f3c6bff1d0648
      
      Size/MD5 checksum:   388574 290c9c668bc96ea9d05713e3d6fa0301
      
      Size/MD5 checksum:   499736 bf6b7464efc203709fee5bcaf5de2f4d

  ia64 architecture (Intel ia64)

      
      Size/MD5 checksum:  3487288 620b57d229cababb19cf11292343a4f5
      
      Size/MD5 checksum:   695242 c2801159a9ae051c27507bbc102115b9
      
      Size/MD5 checksum:  1097430 43756ff78b0400a834b8a818399c2e30
      
      Size/MD5 checksum:  1328162 1de9184ba777c75e8d64d54cdaeeda21
      
      Size/MD5 checksum:  1248348 90d5fa39afefc9a48212a9bf06bac0db
      
      Size/MD5 checksum:  1281494 70a87465a6370a37bb3add200a20d806
      
      Size/MD5 checksum:   461376 cdc7a75cbe2a4ca4aea3151190f975d4
      
      Size/MD5 checksum:   553364 373b3d6335bc8898195703be951d2c35
      
      Size/MD5 checksum:   624498 f3f89a26c5efba738d74edb5a898cac1

  mips architecture (MIPS (Big Endian))

      
      Size/MD5 checksum:  1027468 fbb755a07a56430713f039b4926ac50d
      
      Size/MD5 checksum:   569254 a293262cf7c26940df99859b296d4305
      
      Size/MD5 checksum:  1078026 a149c42542eda0b32ccfb69131e2238c
      
      Size/MD5 checksum:   910160 4f994a4ed297fb00bc2cd015c26a0cc4
      
      Size/MD5 checksum:   395814 1b4cd57c7ce2bfbe1fde054ebbd43c8d
      
      Size/MD5 checksum:   580840 ec476202e7871294587777f2a2c84b8c
      
      Size/MD5 checksum:  2803220 8ff0254ff5f06a73d2e0ea7da445e897
      
      Size/MD5 checksum:   459092 5be701b06e8a8cd2743d46e9fc51ff77
      
      Size/MD5 checksum:  1088036 d0c0c9ee281aacaff919b27f6c9d1b34

  mipsel architecture (MIPS (Little Endian))

      
      Size/MD5 checksum:  1014748 56509d2718ca53e71f91a4be3abe41ea
      
      Size/MD5 checksum:  1075490 c225c5f47f3265e7993aa5c8a61263c4
      
      Size/MD5 checksum:   576358 41e83b24d1397cb8f110b384c7d92abc
      
      Size/MD5 checksum:   453662 3b167bf61b72b025dde36b128e743c71
      
      Size/MD5 checksum:  2763676 200e4a3cc98a76029a91660053a8af51
      
      Size/MD5 checksum:   562180 b9be983799efeebedae75b92cbe0ac1f
      
      Size/MD5 checksum:   896746 4542a9d8768065507f8f095fced8be53
      
      Size/MD5 checksum:  1071216 647dff52bda6360f48955a872e58c1af
      
      Size/MD5 checksum:   391904 d5dfa893c8e6a014b4fbf39c4adada22

  powerpc architecture (PowerPC)

      
      Size/MD5 checksum:   545998 2189d56eb150c7854160198e2290c92f
      
      Size/MD5 checksum:   408620 13d6efd82e9c3667219171a4e05eff58
      
      Size/MD5 checksum:   475424 4ed09f39f249dc22efd38d2e830985b8
      
      Size/MD5 checksum:  2607232 93845aefa1341db335442745fce21223
      
      Size/MD5 checksum:   852294 59421f785ec7f732f6db592441d36292
      
      Size/MD5 checksum:   560704 86cb4acb79c9cbe46564612f04316027
      
      Size/MD5 checksum:  1021260 4f9d182203cc960d403e3baf6d2ca700
      
      Size/MD5 checksum:  1036430 8f48a7fae3a659a87980d15eb2e6e31b
      
      Size/MD5 checksum:  1001326 b3108080930f871f11b6e8e5dd27a9bf

  s390 architecture (IBM S/390)

      
      Size/MD5 checksum:  2495850 bec14c674dfb41568fafba16a97a811d
      
      Size/MD5 checksum:  1007974 5b1dc0d8a8bb2ac1c12f0b251227bc51
      
      Size/MD5 checksum:   982464 dbb0ce460a451678c67f76c6651ce605
      
      Size/MD5 checksum:   833018 769bfaff5073e6781c22328364f253be
      
      Size/MD5 checksum:   965494 dc884757e2802825d73a3b96aec742c8
      
      Size/MD5 checksum:   402948 63a7dd67f7b2a146f605be2caab2c268
      
      Size/MD5 checksum:   469722 7a118704ee394d6db0341d00b5bea9c3
      
      Size/MD5 checksum:   537542 ccb4499ae9c39ce6f3062f20f5a2fc5a
      
      Size/MD5 checksum:   526406 93cfd2a823cdf2b8777f850adcf1b2e4

  sparc architecture (Sun SPARC/UltraSPARC)

      
      Size/MD5 checksum:   985124 d67741960205804cc13b484faff1cbe1
      
      Size/MD5 checksum:   400260 f7af05064c5e6a71c4e02508d33166f6
      
      Size/MD5 checksum:   523622 0263afefd2b8996020606bd24ca31113
      
      Size/MD5 checksum:  1011064 bc53ee49e2bc41c41ae72728c7de6e40
      
      Size/MD5 checksum:   829240 23b17ba07f9632b1aa1773475b5efbf3
      
      Size/MD5 checksum:  2513176 7d3cd01177cb74e80fcba81999420246
      
      Size/MD5 checksum:   461672 11f5846a4876eb91bd88f8e829803091
      
      Size/MD5 checksum:   964150 572b0a10fcddd6786c9b5c09d80953f2
      
      Size/MD5 checksum:   543372 4790b19c4feea9603d444970d61f45b5

--
----------------------------------------------------------------------------
Debian Security team <team@security.debian.org> 
Debian -- Security Information 
Mailing-List: debian-security-announce@lists.debian.org

Debian: samba Multiple vulnerabilities

March 15, 2003
A buffer overflow and race condition vulnerabilities have been fixed

Summary

Package : samba
Problem type : remote exploit
Debian-specific: no
CVE ids : CAN-2003-0085 CAN-2003-0086

Sebastian Krahmer of the SuSE security audit team found two problems
in samba, a popular SMB/CIFS implementation. The problems are:

* a buffer overflow in the SMB/CIFS packet fragment re-assembly code
used by smbd. Since smbd runs as root an attacker can use this to
gain root access to a machine running smbd.

* the code to write reg files was vulnerable for a chown race which made
it possible for a local user to overwrite system files

Both problems have been fixed in upstream version 2.2.8, and version
2.2.3a-12.1 of package for Debian GNU/Linux 3.0/woody.

------------------------------------------------------------------------

Obtaining updates:

By hand:
wget URL
will fetch the file for you.
dpkg -i FILENAME.deb
will install the fetched file.

With apt:
deb Debian -- Security Information stable/updates main
added to /etc/apt/sources.list will provide security updates

Additional information can be found on the Debian security webpages
at Debian -- Security Information

------------------------------------------------------------------------


Debian GNU/Linux 2.2 alias potato
---------------------------------

No fixes for potato are available at this moment.


Debian GNU/Linux 3.0 alias woody
--------------------------------

Woody was released for alpha, arm, hppa, i386, ia64, m68k, mips, mipsel,
powerpc, s390 and sparc. Updated packages for m68k are not available
at this moment.

Source archives:


Size/MD5 checksum: 1417 f8ba1f1c191d72245498fe8517b34dfb

Size/MD5 checksum: 5460531 b6ec2f076af69331535a82b586f55254

Size/MD5 checksum: 105954 c4f722541096dbdc492b3e37d532a457

Architecture independent packages:


Size/MD5 checksum: 2446596 09b98f69fe6fa23543824c13c5ef98c5

alpha architecture (DEC Alpha)


Size/MD5 checksum: 622740 53102afe9bc7357abaac9e6d163cff15

Size/MD5 checksum: 600148 cdb00b063309e1bc314c013a2ab7df9d

Size/MD5 checksum: 1131054 9cf909b0e8b1a71945addbdb0a5b4051

Size/MD5 checksum: 949532 3310dbdefcc1062ad3d940df6448d106

Size/MD5 checksum: 1106444 26f1822f7a466d546b8d131e244b9403

Size/MD5 checksum: 2955638 108a1e79c6e0f4d35d239fa0da5d2af2

Size/MD5 checksum: 415342 1e0d39fbdd1b4adabc4e83efc9652ade

Size/MD5 checksum: 489330 4cc41e31ca14bca6c627885bf4158306

Size/MD5 checksum: 1155752 96fc4d4fba8d5144eca524dab0d3f676

arm architecture (ARM)


Size/MD5 checksum: 999684 e9a198658e31008f2029911fa8f3e6c6

Size/MD5 checksum: 829522 62dec09d61eacb27021e2bd7285a1485

Size/MD5 checksum: 555796 cf1ed859a65e3918290b046ebb94714e

Size/MD5 checksum: 460742 b76711eedb3c58557919017bef9b66f3

Size/MD5 checksum: 1021712 6274000513467291e4e2e636e49e3caa

Size/MD5 checksum: 546112 1e971721816bd8c5dfdc76e853adc81f

Size/MD5 checksum: 972556 2b2785914b1de3cd4f5b54a71aafa977

Size/MD5 checksum: 2541432 52be6e56a2870f7bbb88ed00fb4e6197

Size/MD5 checksum: 396296 ba0077d84e96b8de2958a1a3d0b0c7ab

hppa architecture (HP PA RISC)


Size/MD5 checksum: 2790802 666ba6b6075a9c43d44cee7d66ed654d

Size/MD5 checksum: 589754 6d80091312fc5a721ab3216785fd8d73

Size/MD5 checksum: 1081314 09ea41541c03f8e1c7da6a6c3e6bb437

Size/MD5 checksum: 490812 2757ce04bf7ba705992ef6c5b42da943

Size/MD5 checksum: 1084730 84eb32632058606e10dfc8b4d7a72552

Size/MD5 checksum: 589142 df11a8ed279bcc3461ca8a2a08c5e1db

Size/MD5 checksum: 901054 75e9ed419e91cce810e286f245b7a5ed

Size/MD5 checksum: 419358 a90c8c66a1370a973a8d757c112704e0

Size/MD5 checksum: 1059718 c8bcd60bc3d799753215fffd840aec78

i386 architecture (Intel ia32)


Size/MD5 checksum: 953846 2ddc41e683b123557c4f95a6d729f650

Size/MD5 checksum: 2417120 40e0ab43c7c2a05b4321acfe5b3ae92a

Size/MD5 checksum: 535058 641d95a5c5a27922448fad10b9b8faf5

Size/MD5 checksum: 930150 ffb594a4b2b89818b05fab828d3cbc2f

Size/MD5 checksum: 446010 91462c2c5f11ded29d923b1056d4a7f5

Size/MD5 checksum: 793204 d82a61e9731f157a20f26748e3301b5a

Size/MD5 checksum: 993054 27c24ec813a504eb098f3c6bff1d0648

Size/MD5 checksum: 388574 290c9c668bc96ea9d05713e3d6fa0301

Size/MD5 checksum: 499736 bf6b7464efc203709fee5bcaf5de2f4d

ia64 architecture (Intel ia64)


Size/MD5 checksum: 3487288 620b57d229cababb19cf11292343a4f5

Size/MD5 checksum: 695242 c2801159a9ae051c27507bbc102115b9

Size/MD5 checksum: 1097430 43756ff78b0400a834b8a818399c2e30

Size/MD5 checksum: 1328162 1de9184ba777c75e8d64d54cdaeeda21

Size/MD5 checksum: 1248348 90d5fa39afefc9a48212a9bf06bac0db

Size/MD5 checksum: 1281494 70a87465a6370a37bb3add200a20d806

Size/MD5 checksum: 461376 cdc7a75cbe2a4ca4aea3151190f975d4

Size/MD5 checksum: 553364 373b3d6335bc8898195703be951d2c35

Size/MD5 checksum: 624498 f3f89a26c5efba738d74edb5a898cac1

mips architecture (MIPS (Big Endian))


Size/MD5 checksum: 1027468 fbb755a07a56430713f039b4926ac50d

Size/MD5 checksum: 569254 a293262cf7c26940df99859b296d4305

Size/MD5 checksum: 1078026 a149c42542eda0b32ccfb69131e2238c

Size/MD5 checksum: 910160 4f994a4ed297fb00bc2cd015c26a0cc4

Size/MD5 checksum: 395814 1b4cd57c7ce2bfbe1fde054ebbd43c8d

Size/MD5 checksum: 580840 ec476202e7871294587777f2a2c84b8c

Size/MD5 checksum: 2803220 8ff0254ff5f06a73d2e0ea7da445e897

Size/MD5 checksum: 459092 5be701b06e8a8cd2743d46e9fc51ff77

Size/MD5 checksum: 1088036 d0c0c9ee281aacaff919b27f6c9d1b34

mipsel architecture (MIPS (Little Endian))


Size/MD5 checksum: 1014748 56509d2718ca53e71f91a4be3abe41ea

Size/MD5 checksum: 1075490 c225c5f47f3265e7993aa5c8a61263c4

Size/MD5 checksum: 576358 41e83b24d1397cb8f110b384c7d92abc

Size/MD5 checksum: 453662 3b167bf61b72b025dde36b128e743c71

Size/MD5 checksum: 2763676 200e4a3cc98a76029a91660053a8af51

Size/MD5 checksum: 562180 b9be983799efeebedae75b92cbe0ac1f

Size/MD5 checksum: 896746 4542a9d8768065507f8f095fced8be53

Size/MD5 checksum: 1071216 647dff52bda6360f48955a872e58c1af

Size/MD5 checksum: 391904 d5dfa893c8e6a014b4fbf39c4adada22

powerpc architecture (PowerPC)


Size/MD5 checksum: 545998 2189d56eb150c7854160198e2290c92f

Size/MD5 checksum: 408620 13d6efd82e9c3667219171a4e05eff58

Size/MD5 checksum: 475424 4ed09f39f249dc22efd38d2e830985b8

Size/MD5 checksum: 2607232 93845aefa1341db335442745fce21223

Size/MD5 checksum: 852294 59421f785ec7f732f6db592441d36292

Size/MD5 checksum: 560704 86cb4acb79c9cbe46564612f04316027

Size/MD5 checksum: 1021260 4f9d182203cc960d403e3baf6d2ca700

Size/MD5 checksum: 1036430 8f48a7fae3a659a87980d15eb2e6e31b

Size/MD5 checksum: 1001326 b3108080930f871f11b6e8e5dd27a9bf

s390 architecture (IBM S/390)


Size/MD5 checksum: 2495850 bec14c674dfb41568fafba16a97a811d

Size/MD5 checksum: 1007974 5b1dc0d8a8bb2ac1c12f0b251227bc51

Size/MD5 checksum: 982464 dbb0ce460a451678c67f76c6651ce605

Size/MD5 checksum: 833018 769bfaff5073e6781c22328364f253be

Size/MD5 checksum: 965494 dc884757e2802825d73a3b96aec742c8

Size/MD5 checksum: 402948 63a7dd67f7b2a146f605be2caab2c268

Size/MD5 checksum: 469722 7a118704ee394d6db0341d00b5bea9c3

Size/MD5 checksum: 537542 ccb4499ae9c39ce6f3062f20f5a2fc5a

Size/MD5 checksum: 526406 93cfd2a823cdf2b8777f850adcf1b2e4

sparc architecture (Sun SPARC/UltraSPARC)


Size/MD5 checksum: 985124 d67741960205804cc13b484faff1cbe1

Size/MD5 checksum: 400260 f7af05064c5e6a71c4e02508d33166f6

Size/MD5 checksum: 523622 0263afefd2b8996020606bd24ca31113

Size/MD5 checksum: 1011064 bc53ee49e2bc41c41ae72728c7de6e40

Size/MD5 checksum: 829240 23b17ba07f9632b1aa1773475b5efbf3

Size/MD5 checksum: 2513176 7d3cd01177cb74e80fcba81999420246

Size/MD5 checksum: 461672 11f5846a4876eb91bd88f8e829803091

Size/MD5 checksum: 964150 572b0a10fcddd6786c9b5c09d80953f2

Size/MD5 checksum: 543372 4790b19c4feea9603d444970d61f45b5

--
----------------------------------------------------------------------------
Debian Security team <team@security.debian.org>
Debian -- Security Information
Mailing-List: debian-security-announce@lists.debian.org





Severity

Related News

4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved