Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

[SECURITY] [DSA 600-1] New samba packages fix arbitrary file access
From: debian-security-announce () lists debian org
Date: Thu, 7 Oct 2004 09:45:17 +0200 (CEST)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 600-1                     security () debian org
http://www.debian.org/security/                             Martin Schulze
October 7th, 2004                       http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : samba
Vulnerability  : arbitrary file access
Problem-Type   : remote
Debian-specific: no
CVE ID         : CAN-2004-0815

A vulnerability has been discovered in samba, a commonly used
LanManager-like file and printer server for Unix.  A remote attacker
may be able to gain access to files which exist outside of the share's
defined path.  Such files must still be readable by the account used
for the connection, though.

For the stable distribution (woody) this problem has been fixed in
version 2.2.3a-14.1.

In the unstable (sid) and testing (sarge) distributions this problem
was not present.

We recommend that you upgrade your samba packages.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-14.1.dsc
      Size/MD5 checksum:      775 a2af736313501d6f44be6cef7cc88cbf
    http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-14.1.diff.gz
      Size/MD5 checksum:   107344 bdb474462e3e9bd35625afabd07807c1
    http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a.orig.tar.gz
      Size/MD5 checksum:  5460531 b6ec2f076af69331535a82b586f55254

  Architecture independent components:

    http://security.debian.org/pool/updates/main/s/samba/samba-doc_2.2.3a-14.1_all.deb
      Size/MD5 checksum:  2446936 257688d1dfb6f99506cbd8a4c24cabbd

  Alpha architecture:

    http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-14.1_alpha.deb
      Size/MD5 checksum:   415690 b3dbf67a532d141f790a5d5219185c97
    http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-14.1_alpha.deb
      Size/MD5 checksum:   489684 9dcc13fa5fa2a7d7743b7983cb1469d6
    http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-14.1_alpha.deb
      Size/MD5 checksum:   600496 8a4794fb364f974dc3de1c8ab739ac4f
    http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-14.1_alpha.deb
      Size/MD5 checksum:  2956046 046da9998b8fa36ff224863c9cdf9e75
    http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-14.1_alpha.deb
      Size/MD5 checksum:  1131434 5ba458f4aff340332586291da917b87e
    http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-14.1_alpha.deb
      Size/MD5 checksum:  1156050 7da311c482e43a342cd5317cdab62d6b
    http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-14.1_alpha.deb
      Size/MD5 checksum:   949844 c67ce1367894b077c76239f8a84e3734
    http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-14.1_alpha.deb
      Size/MD5 checksum:   623068 1968db82b56c174964b4b74b50dfbd2d
    http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-14.1_alpha.deb
      Size/MD5 checksum:  1106942 1b0f6f783f8085cc66c2952c71ebc7ac

  ARM architecture:

    http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-14.1_arm.deb
      Size/MD5 checksum:   397050 1f6cdc9091bf0bcc0e71ec62135d14b5
    http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-14.1_arm.deb
      Size/MD5 checksum:   461594 4d4617f3583947a6dca094c65ab5af38
    http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-14.1_arm.deb
      Size/MD5 checksum:   547222 d387f6b71718b986a64b93a2a0917165
    http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-14.1_arm.deb
      Size/MD5 checksum:  2553028 9d26784f9f2ffc5ed666f2587afe611b
    http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-14.1_arm.deb
      Size/MD5 checksum:  1023076 da95af57afd726ed8da76b6d2e825f2e
    http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-14.1_arm.deb
      Size/MD5 checksum:  1002748 f96a8323c3479cafed063c310f34e4ad
    http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-14.1_arm.deb
      Size/MD5 checksum:   831732 38fe5c590e10af901099813254798a6b
    http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-14.1_arm.deb
      Size/MD5 checksum:   557864 c33197f9f9c486ee5a0fb91daa37208d
    http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-14.1_arm.deb
      Size/MD5 checksum:   974580 ba96e7d882ffdee927f047dc3ba92065

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-14.1_i386.deb
      Size/MD5 checksum:   388902 906276eea039d4054dd7b1b523800f78
    http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-14.1_i386.deb
      Size/MD5 checksum:   446362 1e09eaf629f560708ec79eec84724c05
    http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-14.1_i386.deb
      Size/MD5 checksum:   500072 e9c0ecdcb56cfc099f9d4120f6f57055
    http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-14.1_i386.deb
      Size/MD5 checksum:  2417402 540addf76a43c2750e7ffa50fef80c30
    http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-14.1_i386.deb
      Size/MD5 checksum:   993390 af0e79cb8541b5b4d4fdbf9719d85b02
    http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-14.1_i386.deb
      Size/MD5 checksum:   954172 29597c7e90f2494598b901dfabdf3b5f
    http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-14.1_i386.deb
      Size/MD5 checksum:   793548 3ed212184d0955c5746df428d009ce66
    http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-14.1_i386.deb
      Size/MD5 checksum:   535486 4dfed7deebfa5b194c6faf06dfc69c23
    http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-14.1_i386.deb
      Size/MD5 checksum:   930504 6fff5fe9036ef173bd203463ac1b989d

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-14.1_ia64.deb
      Size/MD5 checksum:   461722 475b5d8eb28f074377511560fe486f5c
    http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-14.1_ia64.deb
      Size/MD5 checksum:   553746 a75f6c475b65df643e44a040fe7e711f
    http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-14.1_ia64.deb
      Size/MD5 checksum:   624886 868c87d3a7d547f5b1bd5a3b59fb5b1b
    http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-14.1_ia64.deb
      Size/MD5 checksum:  3487698 1f5b87f988b0e6180945f5857b20f8ca
    http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-14.1_ia64.deb
      Size/MD5 checksum:  1248644 8bbafb3289123e119844273ad0ad2c3d
    http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-14.1_ia64.deb
      Size/MD5 checksum:  1328518 093f6ce6a584077e9ac22f7477a66e5b
    http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-14.1_ia64.deb
      Size/MD5 checksum:  1097776 b3027b1fb9ac978708992983f4aaf290
    http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-14.1_ia64.deb
      Size/MD5 checksum:   695522 837c034971efe3a8993471e985e6281f
    http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-14.1_ia64.deb
      Size/MD5 checksum:  1281666 7bcd03f536b8227da0082e18f6af130f

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-14.1_hppa.deb
      Size/MD5 checksum:   419704 b4ab9379f16d68c6d159a3729c786b91
    http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-14.1_hppa.deb
      Size/MD5 checksum:   491168 d2f2e84bb69a74ee4b18de1aacf69bb4
    http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-14.1_hppa.deb
      Size/MD5 checksum:   589502 cee18a24bec4f6b478631dcc1239570f
    http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-14.1_hppa.deb
      Size/MD5 checksum:  2791176 d9fba426a9a203d57b544d11e1077ee5
    http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-14.1_hppa.deb
      Size/MD5 checksum:  1081648 95e20e8918b294d826994e6c46da7e1b
    http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-14.1_hppa.deb
      Size/MD5 checksum:  1085052 dbde6a318373ef1c9af8d3880fc64369
    http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-14.1_hppa.deb
      Size/MD5 checksum:   901402 8485c014bc31c33b7920f019c723c7f3
    http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-14.1_hppa.deb
      Size/MD5 checksum:   589990 d16a1fbb42d65379fd3da176a101681e
    http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-14.1_hppa.deb
      Size/MD5 checksum:  1060066 25649416cb5bd76c1c13830ae8edcd3b

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-14.1_m68k.deb
      Size/MD5 checksum:   398770 d78c6f2e700781d54f9ecda6eb238526
    http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-14.1_m68k.deb
      Size/MD5 checksum:   459864 34dd7b9aa8208dd11eb19b8933c545f6
    http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-14.1_m68k.deb
      Size/MD5 checksum:   504522 2c4aa69979372d832b29d0e5827d497a
    http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-14.1_m68k.deb
      Size/MD5 checksum:  2355244 b94ee6ddff1475c77dd4b86dbe5c7700
    http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-14.1_m68k.deb
      Size/MD5 checksum:   982122 dc728b631e3a850664fd9673a3207773
    http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-14.1_m68k.deb
      Size/MD5 checksum:   936080 bd30699cb76f232b04a394b19e69bb48
    http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-14.1_m68k.deb
      Size/MD5 checksum:   788524 7f6226024eb65e088bcedec669773fda
    http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-14.1_m68k.deb
      Size/MD5 checksum:   524182 cb378ef731154c0b7ca083ba8498e350
    http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-14.1_m68k.deb
      Size/MD5 checksum:   930170 9c890313b5464e84ea94c7139e4a97da

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-14.1_mips.deb
      Size/MD5 checksum:   396162 19edb24a089ac6e83afa6a8f10a72f32
    http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-14.1_mips.deb
      Size/MD5 checksum:   459410 bf32361476e1532c939e3a8ad564ee91
    http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-14.1_mips.deb
      Size/MD5 checksum:   569610 84f1ef40e4f77b3860797bbfd4598bf5
    http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-14.1_mips.deb
      Size/MD5 checksum:  2803536 72f070e84bdb57ad3c5d06265342c1f2
    http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-14.1_mips.deb
      Size/MD5 checksum:  1078344 e7d8ab8e476d21041102c81523d05df5
    http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-14.1_mips.deb
      Size/MD5 checksum:  1088376 025c89d9df75d98d5d618c6989d6d71c
    http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-14.1_mips.deb
      Size/MD5 checksum:   910504 ad6825b95aa8c43613c7029ff7bd7540
    http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-14.1_mips.deb
      Size/MD5 checksum:   581202 cd464144a77cfab1735eb6e196d5529a
    http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-14.1_mips.deb
      Size/MD5 checksum:  1027882 f4495e4d24ee836702ca1fb302f40782

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-14.1_mipsel.deb
      Size/MD5 checksum:   392240 9dff38afb6e7c7e02b1261a52de65baa
    http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-14.1_mipsel.deb
      Size/MD5 checksum:   453984 7abcc75b570fdd0b20d5eb2f39423845
    http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-14.1_mipsel.deb
      Size/MD5 checksum:   562514 d557482aa96c5a8ecfc71017997ba025
    http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-14.1_mipsel.deb
      Size/MD5 checksum:  2763974 1203017d0285886c0aa77f82f6ffe070
    http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-14.1_mipsel.deb
      Size/MD5 checksum:  1071496 9e3b73ac5224413d88d245197a03c37b
    http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-14.1_mipsel.deb
      Size/MD5 checksum:  1075858 7579097440fcdf9db5e4ebbf977aa964
    http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-14.1_mipsel.deb
      Size/MD5 checksum:   897104 09661520c88567906c735dbea2d4bcd9
    http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-14.1_mipsel.deb
      Size/MD5 checksum:   576680 0ae70f3114073659582ad0f0fee9e756
    http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-14.1_mipsel.deb
      Size/MD5 checksum:  1015166 679691391af10ae66a6b49e30dad383d

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-14.1_powerpc.deb
      Size/MD5 checksum:   408898 80fd1077e68d809732b4a9cbed09e330
    http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-14.1_powerpc.deb
      Size/MD5 checksum:   475756 d77bfe732ac15518f0c1b401f790328a
    http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-14.1_powerpc.deb
      Size/MD5 checksum:   546358 e1b192f4269192c370e9da96b6b38388
    http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-14.1_powerpc.deb
      Size/MD5 checksum:  2607540 be1ca9d87728d44d5ce6080cd10a57e4
    http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-14.1_powerpc.deb
      Size/MD5 checksum:  1036772 a38fefa9ce598ce4270334737c158107
    http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-14.1_powerpc.deb
      Size/MD5 checksum:  1021596 43e0b626d06badd64d8cb901d6581ceb
    http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-14.1_powerpc.deb
      Size/MD5 checksum:   852636 746e13c82c1b29bf25f3c22ffd278cb3
    http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-14.1_powerpc.deb
      Size/MD5 checksum:   561004 ea2ded10c59a8e6dcb1c7a2888e3a941
    http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-14.1_powerpc.deb
      Size/MD5 checksum:  1001804 7d683d7359587cce2ae19d64494934d7

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-14.1_s390.deb
      Size/MD5 checksum:   403274 ad2001b54eaadb2a7259c36b2e2a0d75
    http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-14.1_s390.deb
      Size/MD5 checksum:   470064 bfccfe495177f91125c7385b74ab5f93
    http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-14.1_s390.deb
      Size/MD5 checksum:   526738 26190e2be1b643431d98165ac06e2c63
    http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-14.1_s390.deb
      Size/MD5 checksum:  2496222 51a182dc51d5a0752f995188716ee163
    http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-14.1_s390.deb
      Size/MD5 checksum:  1008300 43c82f3ea0952decd6798d9a59c36c3f
    http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-14.1_s390.deb
      Size/MD5 checksum:   982812 f7fae37ce569a2588dab37056fae6644
    http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-14.1_s390.deb
      Size/MD5 checksum:   833368 610ed462aa4b1d30d513b1015ef99b79
    http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-14.1_s390.deb
      Size/MD5 checksum:   537872 88905dabb2531bf8fdd6087715ad2b75
    http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-14.1_s390.deb
      Size/MD5 checksum:   965790 e5fa1a609806e9725db2f6b3b8fb0df8

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-14.1_sparc.deb
      Size/MD5 checksum:   400606 71e121da43b0929b596c4b12668c67c8
    http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-14.1_sparc.deb
      Size/MD5 checksum:   461986 1ff6cf7a85de91d60b7323d282cabe92
    http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-14.1_sparc.deb
      Size/MD5 checksum:   523958 ff18c36c4b095cd42adc5895f0301e6c
    http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-14.1_sparc.deb
      Size/MD5 checksum:  2513630 66e293e366625e121718521fd989647b
    http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-14.1_sparc.deb
      Size/MD5 checksum:  1011418 e9308d07b2cb7f0d9cb4f73de3a4dad9
    http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-14.1_sparc.deb
      Size/MD5 checksum:   985474 fa7b07fd1a8320123b09b25aebd6fa7c
    http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-14.1_sparc.deb
      Size/MD5 checksum:   829604 e27e3024f72fec8d5bc17466849a0c2d
    http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-14.1_sparc.deb
      Size/MD5 checksum:   543734 18c8d40673cde04dd6c38f3ee592d3fd
    http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-14.1_sparc.deb
      Size/MD5 checksum:   964528 88816d5c74bdc056857a57ccb3d58fde


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce () lists debian org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFBZPQIW5ql+IAeqTIRAjoSAKCkfMpEAZZhTRTk6ZEn8Wuwz3UVXgCfdL/O
CpcUKXCiOXDMACBz8S4vD04=
=irHm
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
  • [SECURITY] [DSA 600-1] New samba packages fix arbitrary file access debian-security-announce (Oct 07)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault