New version of samba released

    Date13 Dec 1999
    CategoryDebian
    3001
    Posted ByLinuxSecurity Advisories
    The version of samba as distributed in Debian GNU/Linux 2.1 has a couple ofsecurity problems:* a Denial-of-Service attack against nmbd was possible* it was possible to exploit smbd if you had a message command defined which used the %f or %M formatter.* smbmnt's check to see if a user is allowed to create a mount was flawed which allowed users to mount at arbitraty mountpoints in the filesystem
    -----BEGIN PGP SIGNED MESSAGE-----
    
    
    The version of samba as distributed in Debian GNU/Linux 2.1 has a couple of
    security problems:
    * a Denial-of-Service attack against nmbd was possible
    * it was possible to exploit smbd if you had a message command defined
      which used the %f or %M formatter.
    * smbmnt's check to see if a user is allowed to create a mount was flawed
      which allowed users to mount at arbitraty mountpoints in the filesystem
    
    These problems have been fixed in version 2.0.5a-1. We recommend you upgrade
    your samba packages immediately.
    
    Please note that this is a major upgrade so please be careful when you upgrade
    since some changes to the configuration file might be necessary. The 
    configuration
    file also moved to a new location (/etc/samba).
    
    The smbfsx package is also obsolete with this update and has been replaced by
    smbfs, which can handle both 2.0 and 2.2 kernels now.
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    Debian GNU/Linux 2.1 alias slink
    - --------------------------------
    
      This version of Debian was released only for Intel, the Motorola
      680x0, the alpha and the Sun sparc architecture.
    
      Source archives:
        http://security.debian.org/dists/stable/updates/source/samba_2.0.5a-
    1.diff.gz
          MD5 checksum: 1354ea63f79e7fa0b4b71685dbac118b
        http://security.debian.org/dists/stable/updates/source/samba_2.0.5a-
    1.dsc
          MD5 checksum: e51aeb259913179b60dbddd0b9e70bf5
        http://security.debian.org/dists/stable/updates/source/samba_2.0.5a.orig.
    tar.gz
          MD5 checksum: 497e5f98ed9b520b18e926ff2f7307ba
    
      Architecture indendent archives:
        http://security.debian.org/dists/stable/updates/binary-
    all/samba-doc_2.0.5a-1_all.deb
          MD5 checksum: a9c1addcff72605f66a2334eef5e25ef
    
      Alpha architecture:
        http://security.debian.org/dists/stable/updates/binary-alpha/samba-
    common_2.0.5a-1_alpha.deb
          MD5 checksum: 48b9651e2cefd6f6ad820ded9ebc9191
        http://security.debian.org/dists/stable/updates/binary-
    alpha/samba_2.0.5a-1_alpha.deb
          MD5 checksum: 9bb86e810254fe59feb02e817815b64f
        http://security.debian.org/dists/stable/updates/binary-
    alpha/smbclient_2.0.5a-1_alpha.deb
          MD5 checksum: 54a89ad98e1167a3265ff30881618b3f
        http://security.debian.org/dists/stable/updates/binary-
    alpha/smbfs_2.0.5a-1_alpha.deb
          MD5 checksum: 596e22cdf0848fcffd1885f16b38cf83
        http://security.debian.org/dists/stable/updates/binary-
    alpha/smbwrapper_2.0.5a-1_alpha.deb
          MD5 checksum: 5003fb2a3555daddd3d877529ac65e1e
        http://security.debian.org/dists/stable/updates/binary-
    alpha/swat_2.0.5a-1_alpha.deb
          MD5 checksum: e99ec78abdac4a8ab1348773e3fa32cd
    
      Intel ia32 architecture:
        http://security.debian.org/dists/stable/updates/binary-i386/samba-
    common_2.0.5a-1_i386.deb
          MD5 checksum: eb8b9aa964912975db301f1e83919d36
        http://security.debian.org/dists/stable/updates/binary-
    i386/samba_2.0.5a-1_i386.deb
          MD5 checksum: 799ab1a56dd726548c33a130edfb9231
        http://security.debian.org/dists/stable/updates/binary-
    i386/smbclient_2.0.5a-1_i386.deb
          MD5 checksum: f5db7b12b67b24048d7ff915c9ec77ee
        http://security.debian.org/dists/stable/updates/binary-
    i386/smbfs_2.0.5a-1_i386.deb
          MD5 checksum: b6e90edf5db22cf3952a01f726cb7dd7
        http://security.debian.org/dists/stable/updates/binary-
    i386/smbwrapper_2.0.5a-1_i386.deb
          MD5 checksum: afabbae0e5ffdd03475a302586d75be5
        http://security.debian.org/dists/stable/updates/binary-
    i386/swat_2.0.5a-1_i386.deb
          MD5 checksum: bd235e608944c7cd3cc7a17fceab0199
    
      Motorola 680x0 architecture:
        http://security.debian.org/dists/stable/updates/binary-m68k/samba-
    common_2.0.5a-1_m68k.deb
          MD5 checksum: 91d8b04d9ef76ca08fff5938007eb235
        http://security.debian.org/dists/stable/updates/binary-
    m68k/samba_2.0.5a-1_m68k.deb
          MD5 checksum: 6404ca678a20ad17e44b6c74cc3182a1
        http://security.debian.org/dists/stable/updates/binary-
    m68k/smbclient_2.0.5a-1_m68k.deb
          MD5 checksum: 37f0a04da50f9880b22cb3eaf27b2794
        http://security.debian.org/dists/stable/updates/binary-
    m68k/smbfs_2.0.5a-1_m68k.deb
          MD5 checksum: 3685040bee6e01039f6588f97dab2c26
        http://security.debian.org/dists/stable/updates/binary-
    m68k/smbwrapper_2.0.5a-1_m68k.deb
          MD5 checksum: 1a43221c50137cbf5d94f7ad90ab548e
        http://security.debian.org/dists/stable/updates/binary-
    m68k/swat_2.0.5a-1_m68k.deb
          MD5 checksum: 7b5e610c9b044fe81ac66881ea59af64
    
      Sun Sparc architecture:
        http://security.debian.org/dists/stable/updates/binary-sparc/samba-
    common_2.0.5a-1_sparc.deb
          MD5 checksum: f4713291f719de2f32543e0fc37506ea
        http://security.debian.org/dists/stable/updates/binary-
    sparc/samba_2.0.5a-1_sparc.deb
          MD5 checksum: afb22260c07c60e4afd390bb3e108674
        http://security.debian.org/dists/stable/updates/binary-
    sparc/smbclient_2.0.5a-1_sparc.deb
          MD5 checksum: 28b22378ddb79b05d29b4b4fac2038c4
        http://security.debian.org/dists/stable/updates/binary-
    sparc/smbfs_2.0.5a-1_sparc.deb
          MD5 checksum: 8747b52257b451a1e19c93ea10048369
        http://security.debian.org/dists/stable/updates/binary-
    sparc/smbwrapper_2.0.5a-1_sparc.deb
          MD5 checksum: 420bfe236fcc1591175acd7eb3ad83e0
        http://security.debian.org/dists/stable/updates/binary-
    sparc/swat_2.0.5a-1_sparc.deb
          MD5 checksum: 38380d76284421c18e557e2d3a413a62
    
      These files will be moved into
      ftp://ftp.debian.org/debian/dists/stable/*/binary-$arch/ soon.
    
    For not yet released architectures please refer to the appropriate
    directory ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ .
    
    - -- 
    Debian GNU/Linux      .    Security Managers     .   This email address is being protected from spambots. You need JavaScript enabled to view it.
                  This email address is being protected from spambots. You need JavaScript enabled to view it.
      Christian Hudon     .     Wichert Akkerman     .     Martin Schulze
       .     .   
    
    
    -----BEGIN PGP SIGNATURE-----
    Version: 2.6.3ia
    Charset: noconv
    
    iQB1AwUBN6IrDKjZR/ntlUftAQEmjAL/RGbp66V6Mf99rfM6i+flJiR0/3r+FfNO
    hQFTAkQ0avO+ta/rgeiVDFuBV0Paw60bPyObBB9ey7+P3ZCtNMKN9jQQHUMwBTCM
    6nPq4bbgAxInR3AvDiIOcn//JWR7ShOM
    =s865
    -----END PGP SIGNATURE-----
    
    

    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"5","type":"x","order":"1","pct":55.56,"resources":[]},{"id":"88","title":"Should be more technical","votes":"3","type":"x","order":"2","pct":33.33,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"1","type":"x","order":"3","pct":11.11,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    Advisories

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.