Debian 3.0 DSA-200-1 Critical: Samba Remote Exploit Buffer Overflow
debian
November 22, 2002
There was a bug in the length checking for encrypted password change requests from clients.
Topics Covered
Summary
Package : samba
Problem type : remote exploit
Debian-specific: no
Steve Langasek found an exploitable bug in the password handling
code in samba: when converting from DOS code-page to little endian
UCS2 unicode a buffer length was not checked and a buffer could
be overflowed. There is no known exploit for this, but an upgrade
is strongly recommended.
This problem has been fixed in version 2.2.3a-12 of the Debian
samba packages and upstream version 2.2.7.
Obtaining updates:
By hand:
wget URL
will fetch the file for you.
dpkg -i FILENAME.deb
will install the fetched file.
With apt:
deb Debian -- Security Information stable/updates main
added to /etc/apt/sources.list will provide security updates
Additional information can be found on the Debian security webpages
at Debian -- Security Information
Debian GNU/Linux 3.0 alias woody
Woody was released for alpha, arm, hppa, i386, ia64, m68k, mips, mipsel,
powerpc, s390 and sparc. At this moments updates for...
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!