Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

GLSA: samba (200303-11)
From: Daniel Ahlberg <aliz () gentoo org>
Date: Mon, 17 Mar 2003 10:22:11 +0100

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200303-11
- - ---------------------------------------------------------------------

          PACKAGE : samba
          SUMMARY : buffer overrun
             DATE : 2003-03-17 09:22 UTC
          EXPLOIT : remote
VERSIONS AFFECTED : <2.2.8
    FIXED VERSION : >=2.2.8
              CVE : CAN-2003-0085 CAN-2003-0086

- - ---------------------------------------------------------------------

- From advisory:

"The SuSE security audit team, in particular Sebastian Krahmer
<krahmer at suse.de>, has found a flaw in the Samba main smbd code which
could allow an external attacker to remotely and anonymously gain
Super User (root) privileges on a server running a Samba server."

"A buffer overrun condition exists in the SMB/CIFS packet fragment
re-assembly code in smbd which would allow an attacker to cause smbd
to overwrite arbitrary areas of memory in its own process address
space. This could allow a skilled attacker to inject binary specific
exploit code into smbd."

Read the full advisory at:
http://lists.samba.org/pipermail/samba-announce/2003-March/000063.html

SOLUTION

It is recommended that all Gentoo Linux users who are running
net-fs/samba upgrade to samba-2.2.8 as follows:

emerge sync
emerge samba
emerge clean

- - ---------------------------------------------------------------------
aliz () gentoo org - GnuPG key is available at http://cvs.gentoo.org/~aliz
- - ---------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+dZPAfT7nyhUpoZMRAqJaAJ90Tc8Bkgq+QRwjzTIdAedcgGZb8wCggBWq
Gok26HB4womHvtn/3PrBsXY=
=7cIA
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
  • GLSA: samba (200303-11) Daniel Ahlberg (Mar 17)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault