- ------------------------------------------------------------------------
Debian Security Advisory DSA-200-1                   security@debian.org 
Debian -- Security Information                          Wichert Akkerman
November 22, 2002
- ------------------------------------------------------------------------


Package        : samba
Problem type   : remote exploit
Debian-specific: no

Steve Langasek found an exploitable bug in the password handling
code in samba: when converting from DOS code-page to little endian
UCS2 unicode a buffer length was not checked and a buffer could
be overflowed. There is no known exploit for this, but an upgrade
is strongly recommended.

This problem has been fixed in version 2.2.3a-12 of the Debian
samba packages and upstream version 2.2.7.


- ------------------------------------------------------------------------

Obtaining updates:

  By hand:
    wget URL
        will fetch the file for you.
    dpkg -i FILENAME.deb
        will install the fetched file.

  With apt:
    deb  Debian -- Security Information  stable/updates main
        added to /etc/apt/sources.list will provide security updates

Additional information can be found on the Debian security webpages
at  Debian -- Security Information 

- ------------------------------------------------------------------------


Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Woody was released for alpha, arm, hppa, i386, ia64, m68k, mips, mipsel,
  powerpc, s390 and sparc. At this moments updates for m68k, mips and
  mipsel are not yet available.

  Source archives:

      
      Size/MD5 checksum:     1469 5db10f38dc411972fed1e8e79ac9e2cb
      
      Size/MD5 checksum:  5460531 b6ec2f076af69331535a82b586f55254
      
      Size/MD5 checksum:   116834 55b9c9ed1e423608838b5493eec9f727

  Architecture independent packages:

      
      Size/MD5 checksum:  2446440 dca2cc174c245ee12e601f1ba2b115e9

  alpha architecture (DEC Alpha)

      
      Size/MD5 checksum:   415200 163bd412f5fd1ec9a2a125e0b1b024ba
      
      Size/MD5 checksum:   598938 037ca8de5dbf1462e0c17a88c7cd35bc
      
      Size/MD5 checksum:   946742 47bdd6c9a6088326e6842265e3de6f8e
      
      Size/MD5 checksum:  1130570 8f88729028cd3cd368435bc5feb282fb
      
      Size/MD5 checksum:   622300 c22e7b482598b6c61a99410d50e1c0d6
      
      Size/MD5 checksum:   488062 858e115dc3176c975c096e1328c08d49
      
      Size/MD5 checksum:  1105314 0bd614d744080ebd3383898871f73fd3
      
      Size/MD5 checksum:  1153962 8d1fcb828d6640136aaa93397fef3a4c
      
      Size/MD5 checksum:  2951852 f880e61a41534119a50a9ae282212421

  arm architecture (ARM)

      
      Size/MD5 checksum:   827734 e3592bb5e8c72aa3345176ac04374ae7
      
      Size/MD5 checksum:   971194 b57cf8b4f59e0494d40faa01727068d3
      
      Size/MD5 checksum:   555212 485db779cf0088b7517c16f9db37563c
      
      Size/MD5 checksum:  2538940 fcfac695c9519b47a1a8d88816567461
      
      Size/MD5 checksum:  1020942 1546a075896de1bdffcf7b94f73237c5
      
      Size/MD5 checksum:   396136 b89712a3f81a1517c03d72e92f2f0d8a
      
      Size/MD5 checksum:   545278 868d941841b8202fdd31e3abdfcccae0
      
      Size/MD5 checksum:   997842 b5ddde05fb712e4caece39742729587d
      
      Size/MD5 checksum:   460106 c172491c4ee37bf799984a365102ee2c

  hppa architecture (HP PA RISC)

      
      Size/MD5 checksum:   490226 27845f64f50ff1e878b6c35c630d6c33
      
      Size/MD5 checksum:   588196 f0cfc0eca799ac5367ac00d1fb557b07
      
      Size/MD5 checksum:  1058852 38f1ac012369422463a7795a5d8347c2
      
      Size/MD5 checksum:  1080408 33784c32dfe825aad5f8a532e960e1de
      
      Size/MD5 checksum:   419192 830dda3c6340905e50846b052e861633
      
      Size/MD5 checksum:   899680 c3a982a826f2e1e0741532ea9b3b713c
      
      Size/MD5 checksum:   589188 01adde49d328f27cc03dc07cf67680fe
      
      Size/MD5 checksum:  1083762 bfea5fc49e57c1605057777e9f3109e8
      
      Size/MD5 checksum:  2788718 7eb604a2b4a480096b695e5cd4d8da84

  i386 architecture (Intel ia32)

      
      Size/MD5 checksum:   445374 a85056ba4ba3b87ada684a8014eb7990
      
      Size/MD5 checksum:   928972 81833ccd4b60b1d29adcf7447ae22ca9
      
      Size/MD5 checksum:   792318 9f067eee4ed00ff7697f9564eff78b1f
      
      Size/MD5 checksum:   952666 ed2648d7c6b58ea6d7213c77c1f48bbd
      
      Size/MD5 checksum:   388394 bdd346a1fea3b494cbcb3cb11dc9ef96
      
      Size/MD5 checksum:  2415034 d868491571d191a813dbaf57a7d4708f
      
      Size/MD5 checksum:   992248 6c4ae105bed3341a7f75c72088fc6b4a
      
      Size/MD5 checksum:   499028 462a7b14146f2260605f812864b3d76f
      
      Size/MD5 checksum:   534722 9390c2ec3763ac36d0b721c5504b3e82

  ia64 architecture (Intel ia64)

      
      Size/MD5 checksum:   552692 042613b1ccb5558434143cf36ae80753
      
      Size/MD5 checksum:  1095708 fe153731989182f94daeed671f5b708b
      
      Size/MD5 checksum:   461212 ad9be5397fc945947a370532a0ff5255
      
      Size/MD5 checksum:  3486514 05bfbd1f12b7bd86bbdc4bc045a646ca
      
      Size/MD5 checksum:  1246972 dd178013fef5bc1dc26fcc3c26a2964b
      
      Size/MD5 checksum:  1326550 a682d63e46dba34ef0616c35aa162300
      
      Size/MD5 checksum:  1280400 e726e9a101dc51e01fa0b390821f7f1b
      
      Size/MD5 checksum:   694496 d0d3323d614f14a255c1f38a0c1d7a1e
      
      Size/MD5 checksum:   623720 a6c3b79db8d814cd528675a70065f8cf

  powerpc architecture (PowerPC)

      
      Size/MD5 checksum:  1000492 5e2514849a99dd1b692ceea3371417d1
      
      Size/MD5 checksum:   559952 423f249ff3691860668f428b754f7578
      
      Size/MD5 checksum:   545346 157d1833143dee0f5cad3585ea363e46
      
      Size/MD5 checksum:  1035624 e4b852940d6bdce313cb3e7b668e2c21
      
      Size/MD5 checksum:  1020036 eeaef7fe954149cc547266323ab64433
      
      Size/MD5 checksum:  2605718 a77c4fe21962efddb97160bad6220bbb
      
      Size/MD5 checksum:   851144 88fc9331f16c31a1ce2a07c82ffa98d7
      
      Size/MD5 checksum:   474558 19580f6109552c39453b9516aea7161b
      
      Size/MD5 checksum:   408470 a43d6edffd90cd457750226d18a914f9

  s390 architecture (IBM S/390)

      
      Size/MD5 checksum:   525784 7e251a6496d905a974d177c2f64968d8
      
      Size/MD5 checksum:   402670 45fe4eab1b2b2a5a453fb2fcb63d2bb8
      
      Size/MD5 checksum:   979614 9d159305c5bdf5f4d2859c70fea1fe49
      
      Size/MD5 checksum:   468906 ea0be1d14a305b21ffc2b61129756ee3
      
      Size/MD5 checksum:  1006360 25e9bdf52fdfa988f27ece4f0ed40dc2
      
      Size/MD5 checksum:   829674 9733bce59be83972d401bd860e450ad5
      
      Size/MD5 checksum:  2488818 06c9d8cb4d2f74d9befef7bdaf4585ae
      
      Size/MD5 checksum:   536106 8208c2b787bb676f3bcbefa2c39a5f57
      
      Size/MD5 checksum:   962980 be1472ede7611310f2f38f6ff1748c6d

  sparc architecture (Sun SPARC/UltraSPARC)

      
      Size/MD5 checksum:  2511036 f0ff0e99290754f16fa1908fdddb45fe
      
      Size/MD5 checksum:   827784 d9db5769e8cffc2c4f5b98782b500550
      
      Size/MD5 checksum:   400106 42c72cde09e8e2004e46409d1a126f04
      
      Size/MD5 checksum:   963226 b15cd5548aa1e860b6e9bb47f30522e9
      
      Size/MD5 checksum:   983220 d502115d1ad1815f2dc11c4aca901857
      
      Size/MD5 checksum:  1010096 3b23c98f66e6930f7c2b69d44df87c16
      
      Size/MD5 checksum:   542824 c3781f7ce47e3539fdb2845b3035d0ad
      
      Size/MD5 checksum:   461100 0e332969cc1dfb58f28e2d5ad7ccb310
      
      Size/MD5 checksum:   522938 ac87211100409cb76e6da6be7aedbc9e

- -- 
- ----------------------------------------------------------------------------
Debian Security team <team@security.debian.org> 
Debian -- Security Information 
Mailing-List: debian-security-announce@lists.debian.org

Debian: samba password buffer overflow vulnerability

November 22, 2002
There was a bug in the length checking for encrypted password change requests from clients.

Summary

Package : samba
Problem type : remote exploit
Debian-specific: no

Steve Langasek found an exploitable bug in the password handling
code in samba: when converting from DOS code-page to little endian
UCS2 unicode a buffer length was not checked and a buffer could
be overflowed. There is no known exploit for this, but an upgrade
is strongly recommended.

This problem has been fixed in version 2.2.3a-12 of the Debian
samba packages and upstream version 2.2.7.



Obtaining updates:

By hand:
wget URL
will fetch the file for you.
dpkg -i FILENAME.deb
will install the fetched file.

With apt:
deb Debian -- Security Information stable/updates main
added to /etc/apt/sources.list will provide security updates

Additional information can be found on the Debian security webpages
at Debian -- Security Information



Debian GNU/Linux 3.0 alias woody

Woody was released for alpha, arm, hppa, i386, ia64, m68k, mips, mipsel,
powerpc, s390 and sparc. At this moments updates for m68k, mips and
mipsel are not yet available.

Source archives:


Size/MD5 checksum: 1469 5db10f38dc411972fed1e8e79ac9e2cb

Size/MD5 checksum: 5460531 b6ec2f076af69331535a82b586f55254

Size/MD5 checksum: 116834 55b9c9ed1e423608838b5493eec9f727

Architecture independent packages:


Size/MD5 checksum: 2446440 dca2cc174c245ee12e601f1ba2b115e9

alpha architecture (DEC Alpha)


Size/MD5 checksum: 415200 163bd412f5fd1ec9a2a125e0b1b024ba

Size/MD5 checksum: 598938 037ca8de5dbf1462e0c17a88c7cd35bc

Size/MD5 checksum: 946742 47bdd6c9a6088326e6842265e3de6f8e

Size/MD5 checksum: 1130570 8f88729028cd3cd368435bc5feb282fb

Size/MD5 checksum: 622300 c22e7b482598b6c61a99410d50e1c0d6

Size/MD5 checksum: 488062 858e115dc3176c975c096e1328c08d49

Size/MD5 checksum: 1105314 0bd614d744080ebd3383898871f73fd3

Size/MD5 checksum: 1153962 8d1fcb828d6640136aaa93397fef3a4c

Size/MD5 checksum: 2951852 f880e61a41534119a50a9ae282212421

arm architecture (ARM)


Size/MD5 checksum: 827734 e3592bb5e8c72aa3345176ac04374ae7

Size/MD5 checksum: 971194 b57cf8b4f59e0494d40faa01727068d3

Size/MD5 checksum: 555212 485db779cf0088b7517c16f9db37563c

Size/MD5 checksum: 2538940 fcfac695c9519b47a1a8d88816567461

Size/MD5 checksum: 1020942 1546a075896de1bdffcf7b94f73237c5

Size/MD5 checksum: 396136 b89712a3f81a1517c03d72e92f2f0d8a

Size/MD5 checksum: 545278 868d941841b8202fdd31e3abdfcccae0

Size/MD5 checksum: 997842 b5ddde05fb712e4caece39742729587d

Size/MD5 checksum: 460106 c172491c4ee37bf799984a365102ee2c

hppa architecture (HP PA RISC)


Size/MD5 checksum: 490226 27845f64f50ff1e878b6c35c630d6c33

Size/MD5 checksum: 588196 f0cfc0eca799ac5367ac00d1fb557b07

Size/MD5 checksum: 1058852 38f1ac012369422463a7795a5d8347c2

Size/MD5 checksum: 1080408 33784c32dfe825aad5f8a532e960e1de

Size/MD5 checksum: 419192 830dda3c6340905e50846b052e861633

Size/MD5 checksum: 899680 c3a982a826f2e1e0741532ea9b3b713c

Size/MD5 checksum: 589188 01adde49d328f27cc03dc07cf67680fe

Size/MD5 checksum: 1083762 bfea5fc49e57c1605057777e9f3109e8

Size/MD5 checksum: 2788718 7eb604a2b4a480096b695e5cd4d8da84

i386 architecture (Intel ia32)


Size/MD5 checksum: 445374 a85056ba4ba3b87ada684a8014eb7990

Size/MD5 checksum: 928972 81833ccd4b60b1d29adcf7447ae22ca9

Size/MD5 checksum: 792318 9f067eee4ed00ff7697f9564eff78b1f

Size/MD5 checksum: 952666 ed2648d7c6b58ea6d7213c77c1f48bbd

Size/MD5 checksum: 388394 bdd346a1fea3b494cbcb3cb11dc9ef96

Size/MD5 checksum: 2415034 d868491571d191a813dbaf57a7d4708f

Size/MD5 checksum: 992248 6c4ae105bed3341a7f75c72088fc6b4a

Size/MD5 checksum: 499028 462a7b14146f2260605f812864b3d76f

Size/MD5 checksum: 534722 9390c2ec3763ac36d0b721c5504b3e82

ia64 architecture (Intel ia64)


Size/MD5 checksum: 552692 042613b1ccb5558434143cf36ae80753

Size/MD5 checksum: 1095708 fe153731989182f94daeed671f5b708b

Size/MD5 checksum: 461212 ad9be5397fc945947a370532a0ff5255

Size/MD5 checksum: 3486514 05bfbd1f12b7bd86bbdc4bc045a646ca

Size/MD5 checksum: 1246972 dd178013fef5bc1dc26fcc3c26a2964b

Size/MD5 checksum: 1326550 a682d63e46dba34ef0616c35aa162300

Size/MD5 checksum: 1280400 e726e9a101dc51e01fa0b390821f7f1b

Size/MD5 checksum: 694496 d0d3323d614f14a255c1f38a0c1d7a1e

Size/MD5 checksum: 623720 a6c3b79db8d814cd528675a70065f8cf

powerpc architecture (PowerPC)


Size/MD5 checksum: 1000492 5e2514849a99dd1b692ceea3371417d1

Size/MD5 checksum: 559952 423f249ff3691860668f428b754f7578

Size/MD5 checksum: 545346 157d1833143dee0f5cad3585ea363e46

Size/MD5 checksum: 1035624 e4b852940d6bdce313cb3e7b668e2c21

Size/MD5 checksum: 1020036 eeaef7fe954149cc547266323ab64433

Size/MD5 checksum: 2605718 a77c4fe21962efddb97160bad6220bbb

Size/MD5 checksum: 851144 88fc9331f16c31a1ce2a07c82ffa98d7

Size/MD5 checksum: 474558 19580f6109552c39453b9516aea7161b

Size/MD5 checksum: 408470 a43d6edffd90cd457750226d18a914f9

s390 architecture (IBM S/390)


Size/MD5 checksum: 525784 7e251a6496d905a974d177c2f64968d8

Size/MD5 checksum: 402670 45fe4eab1b2b2a5a453fb2fcb63d2bb8

Size/MD5 checksum: 979614 9d159305c5bdf5f4d2859c70fea1fe49

Size/MD5 checksum: 468906 ea0be1d14a305b21ffc2b61129756ee3

Size/MD5 checksum: 1006360 25e9bdf52fdfa988f27ece4f0ed40dc2

Size/MD5 checksum: 829674 9733bce59be83972d401bd860e450ad5

Size/MD5 checksum: 2488818 06c9d8cb4d2f74d9befef7bdaf4585ae

Size/MD5 checksum: 536106 8208c2b787bb676f3bcbefa2c39a5f57

Size/MD5 checksum: 962980 be1472ede7611310f2f38f6ff1748c6d

sparc architecture (Sun SPARC/UltraSPARC)


Size/MD5 checksum: 2511036 f0ff0e99290754f16fa1908fdddb45fe

Size/MD5 checksum: 827784 d9db5769e8cffc2c4f5b98782b500550

Size/MD5 checksum: 400106 42c72cde09e8e2004e46409d1a126f04

Size/MD5 checksum: 963226 b15cd5548aa1e860b6e9bb47f30522e9

Size/MD5 checksum: 983220 d502115d1ad1815f2dc11c4aca901857

Size/MD5 checksum: 1010096 3b23c98f66e6930f7c2b69d44df87c16

Size/MD5 checksum: 542824 c3781f7ce47e3539fdb2845b3035d0ad

Size/MD5 checksum: 461100 0e332969cc1dfb58f28e2d5ad7ccb310

Size/MD5 checksum: 522938 ac87211100409cb76e6da6be7aedbc9e

- --
Debian Security team <team@security.debian.org>
Debian -- Security Information
Mailing-List: debian-security-announce@lists.debian.org






Severity

Related News

23.Tablet Connections Esm H320
2 - 3 min read
The release of Ubuntu 24.04 LTS , also known as Noble Numbat, brings various security enhancements and exciting new features . These improvements
4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved