Debian: samba Multiple vulnerabilities

    Date15 Mar 2003
    CategoryDebian
    2705
    Posted ByLinuxSecurity Advisories
    A buffer overflow and race condition vulnerabilities have been fixed. These vulnerabilities may lead to remote root compromise.
    
    ------------------------------------------------------------------------
    Debian Security Advisory DSA-262-1                   This email address is being protected from spambots. You need JavaScript enabled to view it. 
    http://www.debian.org/security/                         Wichert Akkerman
    March 15, 2003
    ------------------------------------------------------------------------
    
    
    Package        : samba
    Problem type   : remote exploit
    Debian-specific: no
    CVE ids        : CAN-2003-0085 CAN-2003-0086
    
    Sebastian Krahmer of the SuSE security audit team found two problems
    in samba, a popular SMB/CIFS implementation. The problems are:
    
    * a buffer overflow in the SMB/CIFS packet fragment re-assembly code
      used by smbd.  Since smbd runs as root an attacker can use this to
      gain root access to a machine running smbd.
    
    * the code to write reg files was vulnerable for a chown race which made
      it possible for a local user to overwrite system files
    
    Both problems have been fixed in upstream version 2.2.8, and version
    2.2.3a-12.1 of package for Debian GNU/Linux 3.0/woody.
    
    ------------------------------------------------------------------------
    
    Obtaining updates:
    
      By hand:
        wget URL
            will fetch the file for you.
        dpkg -i FILENAME.deb
            will install the fetched file.
    
      With apt:
        deb  http://security.debian.org/ stable/updates main
            added to /etc/apt/sources.list will provide security updates
    
    Additional information can be found on the Debian security webpages
    at  http://www.debian.org/security/
    
    ------------------------------------------------------------------------
    
    
    Debian GNU/Linux 2.2 alias potato
    ---------------------------------
    
      No fixes for potato are available at this moment.
    
    
    Debian GNU/Linux 3.0 alias woody
    --------------------------------
    
      Woody was released for alpha, arm, hppa, i386, ia64, m68k, mips, mipsel,
      powerpc, s390 and sparc. Updated packages for m68k are not available
      at this moment.
    
      Source archives:
    
         http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.1.dsc
          Size/MD5 checksum:     1417 f8ba1f1c191d72245498fe8517b34dfb
         http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a.orig.tar.gz
          Size/MD5 checksum:  5460531 b6ec2f076af69331535a82b586f55254
         http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.1.diff.gz
          Size/MD5 checksum:   105954 c4f722541096dbdc492b3e37d532a457
    
      Architecture independent packages:
    
         http://security.debian.org/pool/updates/main/s/samba/samba-doc_2.2.3a-12.1_all.deb
          Size/MD5 checksum:  2446596 09b98f69fe6fa23543824c13c5ef98c5
    
      alpha architecture (DEC Alpha)
    
         http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12.1_alpha.deb
          Size/MD5 checksum:   622740 53102afe9bc7357abaac9e6d163cff15
         http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12.1_alpha.deb
          Size/MD5 checksum:   600148 cdb00b063309e1bc314c013a2ab7df9d
         http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12.1_alpha.deb
          Size/MD5 checksum:  1131054 9cf909b0e8b1a71945addbdb0a5b4051
         http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12.1_alpha.deb
          Size/MD5 checksum:   949532 3310dbdefcc1062ad3d940df6448d106
         http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12.1_alpha.deb
          Size/MD5 checksum:  1106444 26f1822f7a466d546b8d131e244b9403
         http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.1_alpha.deb
          Size/MD5 checksum:  2955638 108a1e79c6e0f4d35d239fa0da5d2af2
         http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12.1_alpha.deb
          Size/MD5 checksum:   415342 1e0d39fbdd1b4adabc4e83efc9652ade
         http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12.1_alpha.deb
          Size/MD5 checksum:   489330 4cc41e31ca14bca6c627885bf4158306
         http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12.1_alpha.deb
          Size/MD5 checksum:  1155752 96fc4d4fba8d5144eca524dab0d3f676
    
      arm architecture (ARM)
    
         http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12.1_arm.deb
          Size/MD5 checksum:   999684 e9a198658e31008f2029911fa8f3e6c6
         http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12.1_arm.deb
          Size/MD5 checksum:   829522 62dec09d61eacb27021e2bd7285a1485
         http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12.1_arm.deb
          Size/MD5 checksum:   555796 cf1ed859a65e3918290b046ebb94714e
         http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12.1_arm.deb
          Size/MD5 checksum:   460742 b76711eedb3c58557919017bef9b66f3
         http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12.1_arm.deb
          Size/MD5 checksum:  1021712 6274000513467291e4e2e636e49e3caa
         http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12.1_arm.deb
          Size/MD5 checksum:   546112 1e971721816bd8c5dfdc76e853adc81f
         http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12.1_arm.deb
          Size/MD5 checksum:   972556 2b2785914b1de3cd4f5b54a71aafa977
         http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.1_arm.deb
          Size/MD5 checksum:  2541432 52be6e56a2870f7bbb88ed00fb4e6197
         http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12.1_arm.deb
          Size/MD5 checksum:   396296 ba0077d84e96b8de2958a1a3d0b0c7ab
    
      hppa architecture (HP PA RISC)
    
         http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.1_hppa.deb
          Size/MD5 checksum:  2790802 666ba6b6075a9c43d44cee7d66ed654d
         http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12.1_hppa.deb
          Size/MD5 checksum:   589754 6d80091312fc5a721ab3216785fd8d73
         http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12.1_hppa.deb
          Size/MD5 checksum:  1081314 09ea41541c03f8e1c7da6a6c3e6bb437
         http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12.1_hppa.deb
          Size/MD5 checksum:   490812 2757ce04bf7ba705992ef6c5b42da943
         http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12.1_hppa.deb
          Size/MD5 checksum:  1084730 84eb32632058606e10dfc8b4d7a72552
         http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12.1_hppa.deb
          Size/MD5 checksum:   589142 df11a8ed279bcc3461ca8a2a08c5e1db
         http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12.1_hppa.deb
          Size/MD5 checksum:   901054 75e9ed419e91cce810e286f245b7a5ed
         http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12.1_hppa.deb
          Size/MD5 checksum:   419358 a90c8c66a1370a973a8d757c112704e0
         http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12.1_hppa.deb
          Size/MD5 checksum:  1059718 c8bcd60bc3d799753215fffd840aec78
    
      i386 architecture (Intel ia32)
    
         http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12.1_i386.deb
          Size/MD5 checksum:   953846 2ddc41e683b123557c4f95a6d729f650
         http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.1_i386.deb
          Size/MD5 checksum:  2417120 40e0ab43c7c2a05b4321acfe5b3ae92a
         http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12.1_i386.deb
          Size/MD5 checksum:   535058 641d95a5c5a27922448fad10b9b8faf5
         http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12.1_i386.deb
          Size/MD5 checksum:   930150 ffb594a4b2b89818b05fab828d3cbc2f
         http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12.1_i386.deb
          Size/MD5 checksum:   446010 91462c2c5f11ded29d923b1056d4a7f5
         http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12.1_i386.deb
          Size/MD5 checksum:   793204 d82a61e9731f157a20f26748e3301b5a
         http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12.1_i386.deb
          Size/MD5 checksum:   993054 27c24ec813a504eb098f3c6bff1d0648
         http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12.1_i386.deb
          Size/MD5 checksum:   388574 290c9c668bc96ea9d05713e3d6fa0301
         http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12.1_i386.deb
          Size/MD5 checksum:   499736 bf6b7464efc203709fee5bcaf5de2f4d
    
      ia64 architecture (Intel ia64)
    
         http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.1_ia64.deb
          Size/MD5 checksum:  3487288 620b57d229cababb19cf11292343a4f5
         http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12.1_ia64.deb
          Size/MD5 checksum:   695242 c2801159a9ae051c27507bbc102115b9
         http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12.1_ia64.deb
          Size/MD5 checksum:  1097430 43756ff78b0400a834b8a818399c2e30
         http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12.1_ia64.deb
          Size/MD5 checksum:  1328162 1de9184ba777c75e8d64d54cdaeeda21
         http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12.1_ia64.deb
          Size/MD5 checksum:  1248348 90d5fa39afefc9a48212a9bf06bac0db
         http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12.1_ia64.deb
          Size/MD5 checksum:  1281494 70a87465a6370a37bb3add200a20d806
         http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12.1_ia64.deb
          Size/MD5 checksum:   461376 cdc7a75cbe2a4ca4aea3151190f975d4
         http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12.1_ia64.deb
          Size/MD5 checksum:   553364 373b3d6335bc8898195703be951d2c35
         http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12.1_ia64.deb
          Size/MD5 checksum:   624498 f3f89a26c5efba738d74edb5a898cac1
    
      mips architecture (MIPS (Big Endian))
    
         http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12.1_mips.deb
          Size/MD5 checksum:  1027468 fbb755a07a56430713f039b4926ac50d
         http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12.1_mips.deb
          Size/MD5 checksum:   569254 a293262cf7c26940df99859b296d4305
         http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12.1_mips.deb
          Size/MD5 checksum:  1078026 a149c42542eda0b32ccfb69131e2238c
         http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12.1_mips.deb
          Size/MD5 checksum:   910160 4f994a4ed297fb00bc2cd015c26a0cc4
         http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12.1_mips.deb
          Size/MD5 checksum:   395814 1b4cd57c7ce2bfbe1fde054ebbd43c8d
         http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12.1_mips.deb
          Size/MD5 checksum:   580840 ec476202e7871294587777f2a2c84b8c
         http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.1_mips.deb
          Size/MD5 checksum:  2803220 8ff0254ff5f06a73d2e0ea7da445e897
         http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12.1_mips.deb
          Size/MD5 checksum:   459092 5be701b06e8a8cd2743d46e9fc51ff77
         http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12.1_mips.deb
          Size/MD5 checksum:  1088036 d0c0c9ee281aacaff919b27f6c9d1b34
    
      mipsel architecture (MIPS (Little Endian))
    
         http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12.1_mipsel.deb
          Size/MD5 checksum:  1014748 56509d2718ca53e71f91a4be3abe41ea
         http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12.1_mipsel.deb
          Size/MD5 checksum:  1075490 c225c5f47f3265e7993aa5c8a61263c4
         http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12.1_mipsel.deb
          Size/MD5 checksum:   576358 41e83b24d1397cb8f110b384c7d92abc
         http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12.1_mipsel.deb
          Size/MD5 checksum:   453662 3b167bf61b72b025dde36b128e743c71
         http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.1_mipsel.deb
          Size/MD5 checksum:  2763676 200e4a3cc98a76029a91660053a8af51
         http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12.1_mipsel.deb
          Size/MD5 checksum:   562180 b9be983799efeebedae75b92cbe0ac1f
         http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12.1_mipsel.deb
          Size/MD5 checksum:   896746 4542a9d8768065507f8f095fced8be53
         http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12.1_mipsel.deb
          Size/MD5 checksum:  1071216 647dff52bda6360f48955a872e58c1af
         http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12.1_mipsel.deb
          Size/MD5 checksum:   391904 d5dfa893c8e6a014b4fbf39c4adada22
    
      powerpc architecture (PowerPC)
    
         http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12.1_powerpc.deb
          Size/MD5 checksum:   545998 2189d56eb150c7854160198e2290c92f
         http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12.1_powerpc.deb
          Size/MD5 checksum:   408620 13d6efd82e9c3667219171a4e05eff58
         http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12.1_powerpc.deb
          Size/MD5 checksum:   475424 4ed09f39f249dc22efd38d2e830985b8
         http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.1_powerpc.deb
          Size/MD5 checksum:  2607232 93845aefa1341db335442745fce21223
         http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12.1_powerpc.deb
          Size/MD5 checksum:   852294 59421f785ec7f732f6db592441d36292
         http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12.1_powerpc.deb
          Size/MD5 checksum:   560704 86cb4acb79c9cbe46564612f04316027
         http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12.1_powerpc.deb
          Size/MD5 checksum:  1021260 4f9d182203cc960d403e3baf6d2ca700
         http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12.1_powerpc.deb
          Size/MD5 checksum:  1036430 8f48a7fae3a659a87980d15eb2e6e31b
         http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12.1_powerpc.deb
          Size/MD5 checksum:  1001326 b3108080930f871f11b6e8e5dd27a9bf
    
      s390 architecture (IBM S/390)
    
         http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.1_s390.deb
          Size/MD5 checksum:  2495850 bec14c674dfb41568fafba16a97a811d
         http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12.1_s390.deb
          Size/MD5 checksum:  1007974 5b1dc0d8a8bb2ac1c12f0b251227bc51
         http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12.1_s390.deb
          Size/MD5 checksum:   982464 dbb0ce460a451678c67f76c6651ce605
         http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12.1_s390.deb
          Size/MD5 checksum:   833018 769bfaff5073e6781c22328364f253be
         http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12.1_s390.deb
          Size/MD5 checksum:   965494 dc884757e2802825d73a3b96aec742c8
         http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12.1_s390.deb
          Size/MD5 checksum:   402948 63a7dd67f7b2a146f605be2caab2c268
         http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12.1_s390.deb
          Size/MD5 checksum:   469722 7a118704ee394d6db0341d00b5bea9c3
         http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12.1_s390.deb
          Size/MD5 checksum:   537542 ccb4499ae9c39ce6f3062f20f5a2fc5a
         http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12.1_s390.deb
          Size/MD5 checksum:   526406 93cfd2a823cdf2b8777f850adcf1b2e4
    
      sparc architecture (Sun SPARC/UltraSPARC)
    
         http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12.1_sparc.deb
          Size/MD5 checksum:   985124 d67741960205804cc13b484faff1cbe1
         http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12.1_sparc.deb
          Size/MD5 checksum:   400260 f7af05064c5e6a71c4e02508d33166f6
         http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12.1_sparc.deb
          Size/MD5 checksum:   523622 0263afefd2b8996020606bd24ca31113
         http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12.1_sparc.deb
          Size/MD5 checksum:  1011064 bc53ee49e2bc41c41ae72728c7de6e40
         http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12.1_sparc.deb
          Size/MD5 checksum:   829240 23b17ba07f9632b1aa1773475b5efbf3
         http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.1_sparc.deb
          Size/MD5 checksum:  2513176 7d3cd01177cb74e80fcba81999420246
         http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12.1_sparc.deb
          Size/MD5 checksum:   461672 11f5846a4876eb91bd88f8e829803091
         http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12.1_sparc.deb
          Size/MD5 checksum:   964150 572b0a10fcddd6786c9b5c09d80953f2
         http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12.1_sparc.deb
          Size/MD5 checksum:   543372 4790b19c4feea9603d444970d61f45b5
    
    --
    ----------------------------------------------------------------------------
    Debian Security team <This email address is being protected from spambots. You need JavaScript enabled to view it.> 
    http://www.debian.org/security/
    Mailing-List: This email address is being protected from spambots. You need JavaScript enabled to view it.
    
    
    
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"64","type":"x","order":"1","pct":57.14,"resources":[]},{"id":"88","title":"Should be more technical","votes":"15","type":"x","order":"2","pct":13.39,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"33","type":"x","order":"3","pct":29.46,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.