Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 556
Alerts This Week
Warning Icon 1 556

Gentoo: 200304-02 Critical: Samba Remote Access Buffer Overflow

gentoo
Calendar Grey April 9, 2003
Dist Gentoo Esm H88
Arch Linux users are strongly encouraged to refresh their OpenSSH installations because of a critical security flaw that compromises remote login safety. Act without delay!
An anonymous user can gain remote root access due to a buffer overflow caused by a StrnCpy() into a char array (fname) using a non-constant length (namelen).

Summary


- - ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200304-02
- - ---------------------------------------------------------------------

- - ---------------------------------------------------------------------
- From advisory:
"An anonymous user can gain remote root access due to a buffer overflow caused by a StrnCpy() into a char array (fname) using a non-constant length (namelen)."
Read the full advisory at: http://marc.theaimsgroup.com/?l=bugtraq&m=104972664226781&w=2
SOLUTION
It is recommended that all Gentoo Linux users who are running net-fs/samba upgrade to samba-2.2.8a as follows:
emerge sync emerge samba emerge clean
- - --------------------------------------------------------------------- aliz@gentoo.org - GnuPG key is available at - - ---------------------------------------------------------------------
2.2.8a

Resolution

References

Availability

style>.gentoo_availability{display:block;}

Concerns

Severity
critical
Lowest
Low
Medium
High
Critical

PACKAGE : samba
SUMMARY : Buffer overflow
DATE : 2003-04-09 08:44 UTC
EXPLOIT : remote
VERSIONS AFFECTED : <2.2.8a : fixed version>=2.2.8a
CVE : CAN-2003-0201

Synopsis

Background

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

Impact

Workaround