What Are You Looking For?

Sign Up

- - ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200303-11
- - ---------------------------------------------------------------------

          PACKAGE : samba
          SUMMARY : buffer overrun
             DATE : 2003-03-17 09:22 UTC
          EXPLOIT : remote
VERSIONS AFFECTED : <2.2.8 : fixed version>=2.2.8
              CVE : CAN-2003-0085 CAN-2003-0086

- - ---------------------------------------------------------------------

- From advisory:

"The SuSE security audit team, in particular Sebastian Krahmer
, has found a flaw in the Samba main smbd code which
could allow an external attacker to remotely and anonymously gain
Super User (root) privileges on a server running a Samba server."

"A buffer overrun condition exists in the SMB/CIFS packet fragment
re-assembly code in smbd which would allow an attacker to cause smbd
to overwrite arbitrary areas of memory in its own process address
space. This could allow a skilled attacker to inject binary specific
exploit code into smbd."

Read the full advisory at: 
 

SOLUTION

It is recommended that all Gentoo Linux users who are running
net-fs/samba upgrade to samba-2.2.8 as follows:

emerge sync
emerge samba
emerge clean

- - ---------------------------------------------------------------------
aliz@gentoo.org - GnuPG key is available at   
- - ---------------------------------------------------------------------

2.2.8

Gentoo: samba multiple vulnerabilities

A buffer overflow and race condition vulnerabilities have been fixed

Summary


- - ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200303-11
- - ---------------------------------------------------------------------

- - ---------------------------------------------------------------------

- From advisory:

"The SuSE security audit team, in particular Sebastian Krahmer
, has found a flaw in the Samba main smbd code which
could allow an external attacker to remotely and anonymously gain
Super User (root) privileges on a server running a Samba server."

"A buffer overrun condition exists in the SMB/CIFS packet fragment
re-assembly code in smbd which would allow an attacker to cause smbd
to overwrite arbitrary areas of memory in its own process address
space. This could allow a skilled attacker to inject binary specific
exploit code into smbd."

Read the full advisory at: 


SOLUTION

It is recommended that all Gentoo Linux users who are running
net-fs/samba upgrade to samba-2.2.8 as follows:

emerge sync
emerge samba
emerge clean

- - ---------------------------------------------------------------------
aliz@gentoo.org - GnuPG key is available at   
- - ---------------------------------------------------------------------

2.2.8

Resolution

References

Availability

Concerns

Severity
PACKAGE : samba
SUMMARY : buffer overrun
DATE : 2003-03-17 09:22 UTC
EXPLOIT : remote
VERSIONS AFFECTED : <2.2.8 : fixed version>=2.2.8
CVE : CAN-2003-0085 CAN-2003-0086

Synopsis

Background

Affected Packages

Impact

Workaround

Related News

Widespread Xorg DoS, Privilege Escalation Vulns Fixed

Nov 13, 2023

Critical Exim RCE, Info Disclosure Bugs Fixed

Oct 8, 2023

CVE-2023-4911: Looney Tunables – Local Privilege Escalation in the glibc’s ld.so

Oct 19, 2023

Critical Node.js Info Disclosure, Code Execution Bugs Fixed

Oct 5, 2023

News

Advisories

HOWTOs

Features

Critical Linux Kernel Bugs Lead to DoS, Privilege Escalation - Patch Now!
Unlocking the Future of Authentication: Passkeys vs. Passwords
Empowering MSPs with Straightforward Linux Device Management
A Complete Guide to Torrenting Safely in 2024
Cloud Security Basics for Small Businesses

About Us

Powered By

Footer Logo