Full Disclosure mailing list archives

MDKSA-2004:136 - Updated samba packages fix remote vulnerability
From: Mandrake Linux Security Team <security () linux-mandrake com>
Date: 18 Nov 2004 23:48:30 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                 Mandrakelinux Security Update Advisory
 _______________________________________________________________________

 Package name:           samba
 Advisory ID:            MDKSA-2004:136
 Date:                   November 18th, 2004

 Affected versions:      10.0, 10.1
 ______________________________________________________________________

 Problem Description:

 Stefan Esser discovered that invalid bounds checking in reply to
 certain trans2 requests could result in a buffer overrun in smbd.
 This can only be exploited by a malicious user able to create files
 with very specific Unicode filenames on a samba share.
 
 The updated packages have been patched to prevent this problem.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0882
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.0:
 9b1cbb94f9b6a29f4db47d6362c7dc59  10.0/RPMS/libsmbclient0-3.0.6-4.3.100mdk.i586.rpm
 13d208678296f156851550d2fa6be003  10.0/RPMS/libsmbclient0-devel-3.0.6-4.3.100mdk.i586.rpm
 41ed3906b38c216647f0b4abb2b0e148  10.0/RPMS/libsmbclient0-static-devel-3.0.6-4.3.100mdk.i586.rpm
 2949c6f12e1ae592d7d25cdd418cf3ab  10.0/RPMS/nss_wins-3.0.6-4.3.100mdk.i586.rpm
 81851b7b52e2db6271af33820b0d9e7f  10.0/RPMS/samba-client-3.0.6-4.3.100mdk.i586.rpm
 efde2c032fb6f83a1d8c4628790b9946  10.0/RPMS/samba-common-3.0.6-4.3.100mdk.i586.rpm
 714bb9e00bf4452854c90caced2551a4  10.0/RPMS/samba-doc-3.0.6-4.3.100mdk.i586.rpm
 1b31b3fe682ecd29d089e9128647cc77  10.0/RPMS/samba-passdb-mysql-3.0.6-4.3.100mdk.i586.rpm
 48ba46d5f50b50dcfb8f38fd6bd719e5  10.0/RPMS/samba-passdb-pgsql-3.0.6-4.3.100mdk.i586.rpm
 4e0e3b905b2fe0127ecfc08e1da3796e  10.0/RPMS/samba-passdb-xml-3.0.6-4.3.100mdk.i586.rpm
 888317c3b5fa0c9463e163b7c73075b7  10.0/RPMS/samba-server-3.0.6-4.3.100mdk.i586.rpm
 109efb2384cda0e3016c0b288f710e87  10.0/RPMS/samba-swat-3.0.6-4.3.100mdk.i586.rpm
 cef9d2b07f8355c02d69986d2afddb33  10.0/RPMS/samba-winbind-3.0.6-4.3.100mdk.i586.rpm
 10c369789d118dab97c86f28e4207ce5  10.0/SRPMS/samba-3.0.6-4.3.100mdk.src.rpm

 Mandrakelinux 10.0/AMD64:
 8d810908b095dc8672eb7819bd15f0b2  amd64/10.0/RPMS/lib64smbclient0-3.0.6-4.3.100mdk.amd64.rpm
 27a93b3cf869598fa23a37392c69d339  amd64/10.0/RPMS/lib64smbclient0-devel-3.0.6-4.3.100mdk.amd64.rpm
 557e63312a94f1bdc42982f240d140ca  amd64/10.0/RPMS/lib64smbclient0-static-devel-3.0.6-4.3.100mdk.amd64.rpm
 8e7cd945f7d406a049d7d8e79afc97b4  amd64/10.0/RPMS/nss_wins-3.0.6-4.3.100mdk.amd64.rpm
 06873271e882b5f00b72b7733664cb0a  amd64/10.0/RPMS/samba-client-3.0.6-4.3.100mdk.amd64.rpm
 fff4d9c9aa1d33a2b5c9c9a60e87a145  amd64/10.0/RPMS/samba-common-3.0.6-4.3.100mdk.amd64.rpm
 83404ba5b9b0a65ecdd820fc6fa4423c  amd64/10.0/RPMS/samba-doc-3.0.6-4.3.100mdk.amd64.rpm
 efdd9b19800f9f076a7e4e0c1314fd35  amd64/10.0/RPMS/samba-passdb-mysql-3.0.6-4.3.100mdk.amd64.rpm
 436ec72f9ad76315e37906f6d5699a17  amd64/10.0/RPMS/samba-passdb-pgsql-3.0.6-4.3.100mdk.amd64.rpm
 415491ad3ade4577113d240ad98a88f2  amd64/10.0/RPMS/samba-passdb-xml-3.0.6-4.3.100mdk.amd64.rpm
 6ae1e74ad89e997b9caf15b4a65a78ea  amd64/10.0/RPMS/samba-server-3.0.6-4.3.100mdk.amd64.rpm
 623364413e9634f06e0e0cbf990535ce  amd64/10.0/RPMS/samba-swat-3.0.6-4.3.100mdk.amd64.rpm
 809e3c4b6faca289d76e23438df4bf07  amd64/10.0/RPMS/samba-winbind-3.0.6-4.3.100mdk.amd64.rpm
 10c369789d118dab97c86f28e4207ce5  amd64/10.0/SRPMS/samba-3.0.6-4.3.100mdk.src.rpm

 Mandrakelinux 10.1:
 7701679643c47d6123b6552e46c22919  10.1/RPMS/libsmbclient0-3.0.7-2.2.101mdk.i586.rpm
 90cdd7197c880c093bbcd02633f06e04  10.1/RPMS/libsmbclient0-devel-3.0.7-2.2.101mdk.i586.rpm
 eef0fdf0c63aaf7ea38040f08a44c0ff  10.1/RPMS/libsmbclient0-static-devel-3.0.7-2.2.101mdk.i586.rpm
 2303f39d131fdc6e85c4e7b3d29eab30  10.1/RPMS/nss_wins-3.0.7-2.2.101mdk.i586.rpm
 0171975fe323cf1d7ac036087a7e967e  10.1/RPMS/samba-client-3.0.7-2.2.101mdk.i586.rpm
 8aabb86ac1d0235d5f95353a52f2ee62  10.1/RPMS/samba-common-3.0.7-2.2.101mdk.i586.rpm
 7a2537f0534ae7e643e21671b5a77cba  10.1/RPMS/samba-doc-3.0.7-2.2.101mdk.i586.rpm
 5efc2a327a946a7266daabe64ebf6ed8  10.1/RPMS/samba-passdb-mysql-3.0.7-2.2.101mdk.i586.rpm
 f48c3bc088a21e71eba00e7d18dc3538  10.1/RPMS/samba-passdb-pgsql-3.0.7-2.2.101mdk.i586.rpm
 3a5483ec112532ffb1e7bc8d7ab3722d  10.1/RPMS/samba-passdb-xml-3.0.7-2.2.101mdk.i586.rpm
 42c0de84041d35a6608a4434c3f0aee1  10.1/RPMS/samba-server-3.0.7-2.2.101mdk.i586.rpm
 16a096aaf7504e4462828f171d42e924  10.1/RPMS/samba-swat-3.0.7-2.2.101mdk.i586.rpm
 7f173153c61f02902aaf3290e964fdd9  10.1/RPMS/samba-vscan-clamav-3.0.7-2.2.101mdk.i586.rpm
 4b91a38b17f12fd70b4cc394a239a170  10.1/RPMS/samba-vscan-icap-3.0.7-2.2.101mdk.i586.rpm
 4cd663bc68e60bb769730526d0f0a3d5  10.1/RPMS/samba-winbind-3.0.7-2.2.101mdk.i586.rpm
 b08516b0a07d8869f4a551a107567b27  10.1/SRPMS/samba-3.0.7-2.2.101mdk.src.rpm

 Mandrakelinux 10.1/X86_64:
 3ddaefe4af1c36f8c6a536824bb5c068  x86_64/10.1/RPMS/lib64smbclient0-3.0.7-2.2.101mdk.x86_64.rpm
 01aac06976ee04a1c92f5f2b2c44630c  x86_64/10.1/RPMS/lib64smbclient0-devel-3.0.7-2.2.101mdk.x86_64.rpm
 471a7bc9b457b84ccc2cf64195ea8425  x86_64/10.1/RPMS/lib64smbclient0-static-devel-3.0.7-2.2.101mdk.x86_64.rpm
 aca44dd76958e392e0a3d7ed98d9c60c  x86_64/10.1/RPMS/nss_wins-3.0.7-2.2.101mdk.x86_64.rpm
 c03d10fe41f44d3e4966bfd14cc72bb3  x86_64/10.1/RPMS/samba-client-3.0.7-2.2.101mdk.x86_64.rpm
 06d40afd3b15849ffabb17f0a0240602  x86_64/10.1/RPMS/samba-common-3.0.7-2.2.101mdk.x86_64.rpm
 406a507ee4aec3134401991cdb84f361  x86_64/10.1/RPMS/samba-doc-3.0.7-2.2.101mdk.x86_64.rpm
 17c9c6e774650e0411e5b7a841583ce2  x86_64/10.1/RPMS/samba-passdb-mysql-3.0.7-2.2.101mdk.x86_64.rpm
 635a5fbe750423abbdb26003d01eda6b  x86_64/10.1/RPMS/samba-passdb-pgsql-3.0.7-2.2.101mdk.x86_64.rpm
 9cf5f0dbe5959add0585f1db33f4cebf  x86_64/10.1/RPMS/samba-passdb-xml-3.0.7-2.2.101mdk.x86_64.rpm
 c34bc9d57dcf5f0996463207e43d2810  x86_64/10.1/RPMS/samba-server-3.0.7-2.2.101mdk.x86_64.rpm
 c95fd60d5ffd00cadb994dc60536a8cb  x86_64/10.1/RPMS/samba-swat-3.0.7-2.2.101mdk.x86_64.rpm
 046c451eb67072dc6b375eb902cd73d6  x86_64/10.1/RPMS/samba-vscan-clamav-3.0.7-2.2.101mdk.x86_64.rpm
 4796c8108dd6f62c36920d6d6b603fdd  x86_64/10.1/RPMS/samba-vscan-icap-3.0.7-2.2.101mdk.x86_64.rpm
 c2b00282b990cf775c09171fbfb077c2  x86_64/10.1/RPMS/samba-winbind-3.0.7-2.2.101mdk.x86_64.rpm
 b08516b0a07d8869f4a551a107567b27  x86_64/10.1/SRPMS/samba-3.0.7-2.2.101mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandrakesoft for security.  You can obtain
 the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandrakelinux at:

  http://www.mandrakesoft.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFBnTTOmqjQ0CJFipgRAn3OAKCRgjxjBTQy6q7VoMcY+OeV+c7m2QCfTk97
xwaFXT3MKVPFuHyWzG6sZrg=
=kyaT
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
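
For packages fetched by hand rather than through MandrakeUpdate or urpmi, the "Updated Packages" list above can be checked mechanically. The following is an added example, not part of the advisory or any Mandrakesoft tool: it parses the advisory's `md5  path` lines per release and compares them with local files. The function names and the sample package names are assumptions made for illustration; MD5 only shows that a file matches what the advisory lists, while authenticity rests on the GPG signatures the advisory mentions.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Release header as printed in the advisory, e.g. " Mandrakelinux 10.0/AMD64:"
RELEASE = re.compile(r"^\s*(Mandrakelinux [^:]+):\s*$")
# Manifest entry: 32 hex digits, whitespace, repository path ending in .rpm
ENTRY = re.compile(r"^\s*([0-9a-f]{32})\s+(\S+\.rpm)\s*$")

def parse_manifest(advisory_text):
    """Return {release: {rpm_basename: md5_hex}} from the advisory body."""
    manifest, current = {}, None
    for line in advisory_text.splitlines():
        if (m := RELEASE.match(line)):
            current = manifest.setdefault(m.group(1), {})
        elif (m := ENTRY.match(line)) and current is not None:
            current[Path(m.group(2)).name] = m.group(1)
    return manifest

def md5_of(path, chunk=1 << 16):
    # MD5 is used only because the advisory publishes MD5 sums.
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def verify(directory, expected):
    """Map each expected package name to 'ok', 'mismatch' or 'missing'."""
    result = {}
    for name, md5_hex in expected.items():
        path = Path(directory) / name
        if not path.is_file():
            result[name] = "missing"
        else:
            result[name] = "ok" if md5_of(path) == md5_hex else "mismatch"
    return result

if __name__ == "__main__":
    # Constructed sample: placeholder package names and contents, not real RPMs.
    good = b"constructed package A"
    text = (" Mandrakelinux 10.0:\n"
            f" {hashlib.md5(good).hexdigest()}  10.0/RPMS/example-a-1.0-1mdk.i586.rpm\n"
            f" {'0' * 32}  10.0/RPMS/example-b-1.0-1mdk.i586.rpm\n")
    with tempfile.TemporaryDirectory() as d:
        Path(d, "example-a-1.0-1mdk.i586.rpm").write_bytes(good)
        Path(d, "example-b-1.0-1mdk.i586.rpm").write_bytes(b"altered")
        print(verify(d, parse_manifest(text)["Mandrakelinux 10.0"]))
```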

