Package : samba
Problem type : remote exploit
Debian-specific: no
CVE ids : CAN-2003-0085 CAN-2003-0086
Sebastian Krahmer of the SuSE security audit team found two problems
in samba, a popular SMB/CIFS implementation. The problems are:
* a buffer overflow in the SMB/CIFS packet fragment re-assembly code
used by smbd. Since smbd runs as root, an attacker can use this to
gain root access to a machine running smbd.
* the code to write reg files was vulnerable to a chown race which made
it possible for a local user to overwrite system files.
Both problems have been fixed in upstream version 2.2.8, and in version
2.2.3a-12.1 of the package for Debian GNU/Linux 3.0/woody.
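The chown race in the second item belongs to a class of bug in which a privileged process creates a file and then changes its owner by path name. The following is an added example, not samba's code and not the fix shipped in 2.2.8: a generic racy pattern next to a descriptor-based form. Both function names are hypothetical.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Racy pattern (generic illustration, not samba's code): the file is
 * created and later chown()ed by *path*. The path is resolved twice, so
 * a privileged caller working in a directory that another user can
 * write to may change the owner of whatever the name refers to at the
 * time of the second call. Symlinks are followed by both calls. */
int write_then_chown_racy(const char *path, const void *buf, size_t len,
                          uid_t uid, gid_t gid)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0644);
    if (fd < 0)
        return -1;
    ssize_t n = write(fd, buf, len);
    close(fd);
    if (n != (ssize_t)len)
        return -1;
    return chown(path, uid, gid);   /* second path lookup */
}

/* Hardened form: refuse names that already exist (including symlinks),
 * then set the owner through the descriptor, so create, chown and
 * write all act on the same inode. */
int write_owned_file(const char *path, const void *buf, size_t len,
                     uid_t uid, gid_t gid)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0)
        return -1;                  /* e.g. EEXIST: name already present */
    if (fchown(fd, uid, gid) != 0 ||
        write(fd, buf, len) != (ssize_t)len) {
        close(fd);
        return -1;
    }
    return close(fd);
}
```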
------------------------------------------------------------------------
Obtaining updates:
By hand:
wget URL
will fetch the file for you.
dpkg -i FILENAME.deb
will install the fetched file.
With apt:
deb Debian -- Security Information stable/updates main
added to /etc/apt/sources.list ...