Full Disclosure mailing list archives

MDKSA-2004:131 - Updated samba packages fix DoS vulnerability
From: Mandrake Linux Security Team <security () linux-mandrake com>
Date: 11 Nov 2004 00:52:09 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                 Mandrakelinux Security Update Advisory
 _______________________________________________________________________

 Package name:           samba
 Advisory ID:            MDKSA-2004:131
 Date:                   November 10th, 2004

 Affected versions:      10.0, 10.1
 ______________________________________________________________________

 Problem Description:

 Karol Wiesek discovered a bug in the input validation routines in
 Samba 3.x used to match filename strings containing wildcard
 characters.  This bug may allow a user to consume an abnormally large
 number of CPU cycles, degrading the performance and responsiveness
 of the server.  In some cases it could also cause the server to become
 entirely unresponsive.
 
 The updated packages are patched to prevent this problem with patches
 from the Samba team.  This vulnerability is fixed in samba 3.0.8.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0930
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.0:
 fc96ab5a509d3fd77944cf9080a68cad  10.0/RPMS/libsmbclient0-3.0.6-4.2.100mdk.i586.rpm
 6b92b174be93974e71094aaf67ced8bf  10.0/RPMS/libsmbclient0-devel-3.0.6-4.2.100mdk.i586.rpm
 89ea0ab1e038d987ff0fd5190770a45f  10.0/RPMS/libsmbclient0-static-devel-3.0.6-4.2.100mdk.i586.rpm
 f13d2f12b1c9920adaa52c441247c431  10.0/RPMS/nss_wins-3.0.6-4.2.100mdk.i586.rpm
 4613741eb2d437e2da558d5a00efad03  10.0/RPMS/samba-client-3.0.6-4.2.100mdk.i586.rpm
 ee45967d391ef34cd05d3850aded75cc  10.0/RPMS/samba-common-3.0.6-4.2.100mdk.i586.rpm
 f20ea8797f68102e385904bd24f223bf  10.0/RPMS/samba-doc-3.0.6-4.2.100mdk.i586.rpm
 2343c1794ee0395c581032929f48eb77  10.0/RPMS/samba-passdb-mysql-3.0.6-4.2.100mdk.i586.rpm
 a135e6491aeb15a6be81f074380569f3  10.0/RPMS/samba-passdb-pgsql-3.0.6-4.2.100mdk.i586.rpm
 edb423501f04386ccb3bba65981befb7  10.0/RPMS/samba-passdb-xml-3.0.6-4.2.100mdk.i586.rpm
 b124d7513d6866a34dbcf824e836e06d  10.0/RPMS/samba-server-3.0.6-4.2.100mdk.i586.rpm
 b0ba7b581630923046317aec12c432eb  10.0/RPMS/samba-swat-3.0.6-4.2.100mdk.i586.rpm
 33a7a755e9902ff64f463a27ae15a169  10.0/RPMS/samba-winbind-3.0.6-4.2.100mdk.i586.rpm
 8ffe9c6f1210684a55d161edb7c72d3c  10.0/SRPMS/samba-3.0.6-4.2.100mdk.src.rpm

 Mandrakelinux 10.0/AMD64:
 471814a0ee4cd943f6d45f29ab5db775  amd64/10.0/RPMS/lib64smbclient0-3.0.6-4.2.100mdk.amd64.rpm
 178326e1eb840ab593dec9cbb6fffd03  amd64/10.0/RPMS/lib64smbclient0-devel-3.0.6-4.2.100mdk.amd64.rpm
 462500a11b09e25fc0140afaaddc9da1  amd64/10.0/RPMS/lib64smbclient0-static-devel-3.0.6-4.2.100mdk.amd64.rpm
 3c0255a04de4fdbc051853e4a0fd582c  amd64/10.0/RPMS/nss_wins-3.0.6-4.2.100mdk.amd64.rpm
 eda008304e790311dcaac046758fe93f  amd64/10.0/RPMS/samba-client-3.0.6-4.2.100mdk.amd64.rpm
 b4a4cad770890d83b14c86ad021046ed  amd64/10.0/RPMS/samba-common-3.0.6-4.2.100mdk.amd64.rpm
 9a43ce1e10252c9ac5dd5b24b17909eb  amd64/10.0/RPMS/samba-doc-3.0.6-4.2.100mdk.amd64.rpm
 05021e3110a8f20ffd3d927303892e92  amd64/10.0/RPMS/samba-passdb-mysql-3.0.6-4.2.100mdk.amd64.rpm
 9870805d66d91862e453352c08ded88c  amd64/10.0/RPMS/samba-passdb-pgsql-3.0.6-4.2.100mdk.amd64.rpm
 2a96ca3e2b72aad7534c3eca637e53ff  amd64/10.0/RPMS/samba-passdb-xml-3.0.6-4.2.100mdk.amd64.rpm
 5dfcd5ba57582d36531b7f48e6ad64f3  amd64/10.0/RPMS/samba-server-3.0.6-4.2.100mdk.amd64.rpm
 6fe165ee376cf21638f7f0d5dd73c8da  amd64/10.0/RPMS/samba-swat-3.0.6-4.2.100mdk.amd64.rpm
 168a4c2a4026be306a15bbf689ec8494  amd64/10.0/RPMS/samba-winbind-3.0.6-4.2.100mdk.amd64.rpm
 8ffe9c6f1210684a55d161edb7c72d3c  amd64/10.0/SRPMS/samba-3.0.6-4.2.100mdk.src.rpm

 Mandrakelinux 10.1:
 252f42f17da3acd366b5b2e43de2ac1c  10.1/RPMS/libsmbclient0-3.0.7-2.1.101mdk.i586.rpm
 9977b3a58446f496887d0afb7ff89d55  10.1/RPMS/libsmbclient0-devel-3.0.7-2.1.101mdk.i586.rpm
 b8db76302389301e7250538eaa5840a9  10.1/RPMS/libsmbclient0-static-devel-3.0.7-2.1.101mdk.i586.rpm
 1c93ebc746d12e2165623b0c155ee2c7  10.1/RPMS/nss_wins-3.0.7-2.1.101mdk.i586.rpm
 e057eb4a81a562eed72cdc26603d9809  10.1/RPMS/samba-client-3.0.7-2.1.101mdk.i586.rpm
 c85ecce8d3b0b3992ea137cbb1332ec6  10.1/RPMS/samba-common-3.0.7-2.1.101mdk.i586.rpm
 06775da91feeec4d306ff5450a5d1f94  10.1/RPMS/samba-doc-3.0.7-2.1.101mdk.i586.rpm
 4556886aa48f5019029664f106d10ee0  10.1/RPMS/samba-passdb-mysql-3.0.7-2.1.101mdk.i586.rpm
 629e406c3a603ba16d9ee84a1b335b22  10.1/RPMS/samba-passdb-pgsql-3.0.7-2.1.101mdk.i586.rpm
 5d56f944f6d6de27412d040398fe1cc8  10.1/RPMS/samba-passdb-xml-3.0.7-2.1.101mdk.i586.rpm
 ba16fff1d2eb9a7656ff894933a608fd  10.1/RPMS/samba-server-3.0.7-2.1.101mdk.i586.rpm
 00e1439e77dab509297d7731a742fd7e  10.1/RPMS/samba-swat-3.0.7-2.1.101mdk.i586.rpm
 f84b9b4b33dbc5bf6c2f0988db483397  10.1/RPMS/samba-vscan-clamav-3.0.7-2.1.101mdk.i586.rpm
 896444e099a2f76921bb759a444bca7d  10.1/RPMS/samba-vscan-icap-3.0.7-2.1.101mdk.i586.rpm
 ff6edefa89b6ffae6ade0c9d29bc5c0f  10.1/RPMS/samba-winbind-3.0.7-2.1.101mdk.i586.rpm
 6af4ba75f6dceeb9f59593f7eb6eadba  10.1/SRPMS/samba-3.0.7-2.1.101mdk.src.rpm

 Mandrakelinux 10.1/X86_64:
 d4bd53b5357a048df4df87a28a35605f  x86_64/10.1/RPMS/lib64smbclient0-3.0.7-2.1.101mdk.x86_64.rpm
 25bd817806f9b87b2eecf422871276eb  x86_64/10.1/RPMS/lib64smbclient0-devel-3.0.7-2.1.101mdk.x86_64.rpm
 0f30be16cf3b6b91119d818cebc015a0  x86_64/10.1/RPMS/lib64smbclient0-static-devel-3.0.7-2.1.101mdk.x86_64.rpm
 e0af7cbd659288278c83f11681ea23f6  x86_64/10.1/RPMS/nss_wins-3.0.7-2.1.101mdk.x86_64.rpm
 8598ae6169bf34f8f94280e86e3e7158  x86_64/10.1/RPMS/samba-client-3.0.7-2.1.101mdk.x86_64.rpm
 21583612543254f59f1497f31ebdd452  x86_64/10.1/RPMS/samba-common-3.0.7-2.1.101mdk.x86_64.rpm
 ef742a2f8e90f6b28199b7d7f401d360  x86_64/10.1/RPMS/samba-doc-3.0.7-2.1.101mdk.x86_64.rpm
 3e075b3a310f7b2734b31e475d1ed38a  x86_64/10.1/RPMS/samba-passdb-mysql-3.0.7-2.1.101mdk.x86_64.rpm
 3157d958ac5dfa1d9d6e0414cd6ba4c2  x86_64/10.1/RPMS/samba-passdb-pgsql-3.0.7-2.1.101mdk.x86_64.rpm
 29ca763736331a93876f43a80ba38508  x86_64/10.1/RPMS/samba-passdb-xml-3.0.7-2.1.101mdk.x86_64.rpm
 8eb60d9846b1fc279c7a93c9fee1076c  x86_64/10.1/RPMS/samba-server-3.0.7-2.1.101mdk.x86_64.rpm
 d8bf4040f0821c196108dd19f3b64035  x86_64/10.1/RPMS/samba-swat-3.0.7-2.1.101mdk.x86_64.rpm
 a4912224c8872ab97e3afb2ca93caa6e  x86_64/10.1/RPMS/samba-vscan-clamav-3.0.7-2.1.101mdk.x86_64.rpm
 1e93b617f178801979e3a7240437ac92  x86_64/10.1/RPMS/samba-vscan-icap-3.0.7-2.1.101mdk.x86_64.rpm
 6b76d20975f5f8d6a1c4f39cd58becca  x86_64/10.1/RPMS/samba-winbind-3.0.7-2.1.101mdk.x86_64.rpm
 6af4ba75f6dceeb9f59593f7eb6eadba  x86_64/10.1/SRPMS/samba-3.0.7-2.1.101mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandrakesoft for security.  You can obtain
 the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandrakelinux at:

  http://www.mandrakesoft.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFBkre5mqjQ0CJFipgRAvsMAJ9vXHa3Ycai29cSPdlFzNfJJ/533ACfd/HZ
ne9mF4TcnnSa/5VZwrhG1Bw=
=TWvI
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
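
Added example (not part of the original advisory or of Mandrakesoft's tooling): a manual version of the MD5 comparison that MandrakeUpdate and urpmi perform automatically, for packages fetched by hand. It parses the advisory's "checksum  path" lines and checks the .rpm files in a local directory against them; the file names and contents in demo() are constructed. A matching MD5 only shows the file is the one listed, so the GPG signature check still applies.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# One advisory checksum line: 32 hex digits, whitespace, repository path of the .rpm.
CHECKSUM_LINE = re.compile(r"^\s*([0-9a-f]{32})\s+(\S+\.rpm)\s*$")

def parse_checksums(advisory_text):
    """Map package file name -> set of MD5 digests the advisory lists for it."""
    listed = {}
    for line in advisory_text.splitlines():
        m = CHECKSUM_LINE.match(line)
        if m:  # the same src.rpm name can appear under several architectures
            listed.setdefault(m.group(2).rsplit("/", 1)[-1], set()).add(m.group(1))
    return listed

def md5_of(path):
    return hashlib.md5(Path(path).read_bytes()).hexdigest()

def check_downloads(advisory_text, download_dir):
    """Return {file name: "ok" | "MISMATCH" | "not listed"} for each .rpm found."""
    listed = parse_checksums(advisory_text)
    results = {}
    for rpm in sorted(Path(download_dir).glob("*.rpm")):
        digests = listed.get(rpm.name)
        if digests is None:
            results[rpm.name] = "not listed"
        else:
            results[rpm.name] = "ok" if md5_of(rpm) in digests else "MISMATCH"
    return results

def demo():
    """Constructed sample: file b was altered after listing, file c is not listed."""
    a, b = b"constructed package a", b"constructed package b"
    advisory = (" Mandrakelinux 10.1:\n"
                f" {hashlib.md5(a).hexdigest()}  10.1/RPMS/example-a-1.0-1mdk.i586.rpm\n"
                f" {hashlib.md5(b).hexdigest()}  10.1/RPMS/example-b-1.0-1mdk.i586.rpm\n")
    files = {"example-a-1.0-1mdk.i586.rpm": a, "example-b-1.0-1mdk.i586.rpm": b + b"!",
             "example-c-1.0-1mdk.i586.rpm": b"unlisted"}
    with tempfile.TemporaryDirectory() as d:
        for name, body in files.items():
            Path(d, name).write_bytes(body)
        return check_downloads(advisory, d)

if __name__ == "__main__":
    print(demo())
```

To use it on real downloads, save the advisory text to a file and pass its contents and the download directory to check_downloads().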