[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[linux-security] samba: potential for remote root exploit

To: linux-security
Subject: [linux-security] samba: potential for remote root exploit
From: Martin Siegert <siegert@sfu.ca>
Date: Wed, 4 Dec 2002 17:10:30 -0800
User-Agent: Mutt/1.4i

Topic
=====
buffer overflow in the password handling code in samba may lead to
a remote root exploit

Problem Description
===================
There exists an exploitable bug in the password handling code in samba:
when converting from DOS code-page to little endian UCS2 unicode a buffer
length was not checked and a buffer could be overflowed. There is no known
exploit for this, but an upgrade is strongly recommended.

Affected Versions
=================
samba versions 2.2.2 through 2.2.6

Solution
========
upgrade to version 2.2.7 or to patched version for your distribution

RedHat 7.3
----------
rpm -Fvh samba-2.2.7-1.7.3.i386.rpm \
         samba-common-2.2.7-1.7.3.i386.rpm \
         samba-client-2.2.7-1.7.3.i386.rpm \
         samba-swat-2.2.7-1.7.3.i386.rpm

RedHat 8.0
----------
rpm -Fvh samba-2.2.7-2.i386.rpm \
         samba-common-2.2.7-2.i386.rpm \
         samba-client-2.2.7-2.i386.rpm \
         samba-swat-2.2.7-2.i386.rpm

Debian 3.0 (woody)
------------------
upgrade to samba_2.2.3a-12_i386.deb,
           samba-common_2.2.3a-12_i386.deb,
           smbclient_2.2.3a-12_i386.deb,
           smbfs_2.2.3a-12_i386.deb,
           libsmbclient_2.2.3a-12_i386.deb,
           libpam-smbpass_2.2.3a-12_i386.deb,
           libsmbclient-dev_2.2.3a-12_i386.deb,
           swat_2.2.3a-12_i386.deb,
           winbind_2.2.3a-12_i386.deb

Mandrake 8.1
------------
rpm -Fvh samba-2.2.2-3.3mdk.i586.rpm \
         samba-client-2.2.2-3.3mdk.i586.rpm \
         samba-common-2.2.2-3.3mdk.i586.rpm \
         samba-doc-2.2.2-3.3mdk.i586.rpm

Mandrake 8.2
------------
rpm -Fvh samba-2.2.3a-10.1mdk.i586.rpm \
         samba-client-2.2.3a-10.1mdk.i586.rpm \
         samba-common-2.2.3a-10.1mdk.i586.rpm \
         samba-doc-2.2.3a-10.1mdk.i586.rpm \
         samba-swat-2.2.3a-10.1mdk.i586.rpm \
         samba-winbind-2.2.3a-10.1mdk.i586.rpm \
         nss_wins-2.2.3a-10.1mdk.i586.rpm

Mandrake 9.0
------------
rpm -Fvh samba-server-2.2.7-2.1mdk.i586.rpm \
         samba-client-2.2.7-2.1mdk.i586.rpm \
         samba-common-2.2.7-2.1mdk.i586.rpm \
         samba-doc-2.2.7-2.1mdk.i586.rpm \
         samba-swat-2.2.7-2.1mdk.i586.rpm \
         samba-winbind-2.2.7-2.1mdk.i586.rpm \
         nss_wins-2.2.7-2.1mdk.i586.rpm

SuSE 7.2
--------
rpm -Fvh samba-2.2.0a-45.i386.rpm \
         smbclnt-2.2.0a-45.i386.rpm

SuSE 7.3
--------
rpm -Fvh samba-2.2.1a-206.i386.rpm \
         samba-client-2.2.1a-206.i386.rpm

SuSE 8.0
--------
rpm -Fvh samba-2.2.3a-165.i386.rpm \
         samba-client-2.2.3a-165.i386.rpm

SuSE 8.1
--------
rpm -Fvh samba-2.2.5-124.i586.rpm \
         samba-client-2.2.5-124.i586.rpm

Prev by Date: [linux-security] php vulnerability
Next by Date: [linux-security] local DoS attack in Linux kernel
Prev by thread: [linux-security] local DoS attack in Linux kernel
Next by thread: [linux-security] php vulnerability
Index(es):
- Date
- Thread