Debian: samba password buffer overflow vulnerability

    Date: 22 Nov 2002
    Category: Debian
    Posted By: LinuxSecurity Advisories
    There was a bug in the length checking for encrypted password change requests from clients.
    
    ------------------------------------------------------------------------
    Debian Security Advisory DSA-200-1
    http://www.debian.org/security/                         Wichert Akkerman
    November 22, 2002
    ------------------------------------------------------------------------
    
    
    Package        : samba
    Problem type   : remote exploit
    Debian-specific: no
    
    Steve Langasek found an exploitable bug in the password handling
    code in samba: when converting from DOS code-page to little endian
    UCS2 unicode a buffer length was not checked and a buffer could
    be overflowed. There is no known exploit for this, but an upgrade
    is strongly recommended.
    
    This problem has been fixed in version 2.2.3a-12 of the Debian
    samba packages and upstream version 2.2.7.
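
The missing length check described above, as an added C example (not Samba's code and not part of the advisory): each code-page byte expands to two UCS-2 bytes, so the destination size has to be compared against twice the source length. `cp_lookup` and both conversion function names are hypothetical, and the code-page table is reduced to a placeholder.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Placeholder for a real DOS code-page table (assumption): ASCII maps to
 * itself, every high byte maps to U+FFFD. */
uint16_t cp_lookup(unsigned char c)
{
    return c < 0x80 ? c : 0xFFFD;
}

/* Unchecked pattern, for contrast: output grows to 2x the input and nothing
 * compares that growth with the size of dst. */
size_t dos_to_ucs2le_unchecked(uint8_t *dst, const char *src)
{
    size_t n = 0;
    for (; *src; src++) {
        uint16_t u = cp_lookup((unsigned char)*src);
        dst[n++] = (uint8_t)(u & 0xFF);      /* low byte first: little endian */
        dst[n++] = (uint8_t)(u >> 8);
    }
    return n;
}

/* Checked form: returns bytes written (terminator excluded), or -1 without
 * touching dst when the source is unterminated or the result will not fit. */
long dos_to_ucs2le(uint8_t *dst, size_t dst_size, const char *src, size_t src_max)
{
    const char *nul = memchr(src, 0, src_max);
    if (nul == NULL || dst_size < 2)
        return -1;
    size_t len = (size_t)(nul - src);
    if (len > (dst_size - 2) / 2)            /* division form cannot wrap */
        return -1;
    for (size_t i = 0; i < len; i++) {
        uint16_t u = cp_lookup((unsigned char)src[i]);
        dst[2 * i] = (uint8_t)(u & 0xFF);
        dst[2 * i + 1] = (uint8_t)(u >> 8);
    }
    dst[2 * len] = dst[2 * len + 1] = 0;     /* two-byte UCS-2 terminator */
    return (long)(2 * len);
}

int main(void)
{
    uint8_t out[16];                         /* constructed sample inputs */
    printf("%ld\n", dos_to_ucs2le(out, sizeof out, "secret", 7));
    printf("%ld\n", dos_to_ucs2le(out, sizeof out, "12345678", 9));
    return 0;
}
```
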
    
    
    ------------------------------------------------------------------------
    
    Obtaining updates:
    
      By hand:
        wget URL
            will fetch the file for you.
        dpkg -i FILENAME.deb
            will install the fetched file.
    
      With apt:
        deb  http://security.debian.org/ stable/updates main
            added to /etc/apt/sources.list will provide security updates
    
    Additional information can be found on the Debian security webpages
    at  http://www.debian.org/security/
    
    ------------------------------------------------------------------------
    
    
    Debian GNU/Linux 3.0 alias woody
    --------------------------------
    
      Woody was released for alpha, arm, hppa, i386, ia64, m68k, mips, mipsel,
      powerpc, s390 and sparc. At this moment updates for m68k, mips and
      mipsel are not yet available.
    
    -- 
    ----------------------------------------------------------------------------
    Debian Security team
    http://www.debian.org/security/
    
    
    
    
    