Fedora Samba 3.0.2 Advisory Critical: Unauthorized Access Risk

February 18, 2004
Recent Samba patches address security weaknesses that might permit unauthorized entry by rectifying memory handling issues. Upgrade now to boost your protection.
Under some circumstances, Samba 3.0.0 and 3.0.1 could overwrite the password field of a disabled account with uninitialized memory.

Summary

Samba is the protocol by which a lot of PC-related machines share files, printers, and other information (such as lists of available files and printers). The Windows NT, OS/2, and Linux operating systems support this natively, and add-on packages can enable the same thing for DOS, Windows, VMS, UNIX of all kinds, MVS, and more. This package provides an SMB server that can be used to provide network services to SMB (sometimes called "Lan Manager") clients. Samba uses NetBIOS over TCP/IP (NetBT) protocols and does NOT need the NetBEUI (Microsoft Raw NetBIOS frame) protocol.

Update Information:

* Thu Feb 12 2004 Jay Fenlason <fenlason@redhat.com> 3.0.2-7.FC1
- Fix the ownership on /usr/lib/samba and /usr/lib/samba/charset

* Mon Feb 09 2004 Jay Fenlason <fenlason@redhat.com> 3.0.2-5.FC1
- Merge from HEAD to build 3.0.2 for Fedora Core 1 erratum.
- New upstream version: 3.0.2 final includes security fix for #114995 (CAN-2004-0082)
- Edit postun script for the -common package to restart winbind when appropriate. Fixes bugzilla #114051.

* Mon Feb 02 2004 Jay Fenlason <fenlason@redhat.com> 3.0.2-3rc2
- add %dir entries for /usr/lib/samba and /usr/lib/samba/charset
- Upgrade to new upstream version
- build mount.cifs for the new cifs filesystem in the 2.6 kernel.

* Mon Jan 19 2004 Jay Fenlason <fenlason@redhat.com> 3.0.2-1rc1
- Upgrade to new upstream version

* Wed Dec 17 2003 Felipe Alfaro Solana <felipe_alfaro@linuxmail.org> 3.0.1-1
- Update to 3.0.1
- Removed testparm patch as it's already merged
- Removed Samba.7* man pages
- Fixed .buildro...

Updated Samba packages that fix a potential unauthorized access problem are now available.
Under some circumstances, Samba 3.0.0 and 3.0.1 could overwrite the password field of a disabled account with uninitialized memory. If an attacker could know what will be in that memory, they could gain access to the disabled account.
If you use Samba, you should consider upgrading to these new packages.
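
One way to triage hosts against the versions this advisory names (an added example, not from the advisory or the Samba project). It assumes an inventory of `host name-version-release` lines, such as collected with `rpm -q --qf '%{NAME}-%{VERSION}-%{RELEASE}\n' samba`; the hostnames, status labels and the simplified version comparison (no epoch, `~` or `^` handling) are constructed for illustration.

```python
import re

AFFECTED = {"3.0.0", "3.0.1"}   # upstream versions the advisory names
FIXED = ("3.0.2", "7.FC1")      # version and release of the erratum build

def rpmvercmp(a, b):
    """Simplified rpm-style compare of two version strings: -1, 0 or 1."""
    # rpm compares runs of digits and runs of letters; separators are ignored
    sa, sb = (re.findall(r"\d+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # numeric segment beats alphabetic
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    # all shared segments equal: the string with segments left over is newer
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def classify(nvr):
    """Classify one name-version-release string, e.g. 'samba-3.0.1-1'."""
    name, version, release = nvr.rsplit("-", 2)
    if not (name == "samba" or name.startswith("samba-")):
        raise ValueError("not a samba package: " + nvr)
    if version in AFFECTED:
        return "affected"
    # compare version first, fall through to release only on a tie
    if (rpmvercmp(version, FIXED[0]) or rpmvercmp(release, FIXED[1])) >= 0:
        return "erratum-or-newer"
    if rpmvercmp(version, "3.0.0") < 0:
        return "not-listed"          # older branch the advisory does not name
    return "older-than-erratum"      # 3.0.2 build that predates 7.FC1

def triage(lines):
    """Map host -> status for 'host nvr' inventory lines."""
    return {h: classify(p) for h, p in (l.split() for l in lines if l.strip())}

# Constructed sample inventory (hostnames are placeholders).
SAMPLE = [
    "fs01 samba-3.0.1-1",
    "fs02 samba-3.0.2-7.FC1",
    "fs03 samba-3.0.2-3rc2",
    "fs04 samba-common-3.0.0-15",
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(host, status)
```

Hosts reported as `affected` or `older-than-erratum` are the ones to move to the 3.0.2-7.FC1 packages.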
Fedora Update Notification FEDORA-2004-074, 2004-02-16

Name: samba
Version: 3.0.2
Release: 7.FC1
Summary: The Samba SMB server.
Description: Samba is the protocol by which a lot of PC-related machines share files, printers, and other information (such as lists of available files and printers). The Windows NT, OS/2, and Linux operating systems support this natively, and add-on packages can enable the same thing for DOS, Windows, VMS, UNIX of all kinds, MVS, and more. This package provides an SMB server that can be used to provide network services to SMB (sometimes called "Lan Manager") clients. Samba uses NetBIOS over TCP/IP (NetBT) protocols and does NOT need the NetBEUI (Microsoft Raw NetBIOS frame) protocol.

Severity: Critical
