Full Disclosure mailing list archives

MDKSA-2004:104 - Updated samba packages fix vulnerability
From: Mandrake Linux Security Team <security () linux-mandrake com>
Date: 1 Oct 2004 22:06:56 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                 Mandrakelinux Security Update Advisory
 _______________________________________________________________________

 Package name:           samba
 Advisory ID:            MDKSA-2004:104
 Date:                   October 1st, 2004

 Affected versions:      9.2, Corporate Server 2.1
 ______________________________________________________________________

 Problem Description:

 Karol Wiesek discovered a bug in the input validation routines used to
 convert DOS path names to path names on the Samba host's file system.
 This bug can be exploited to gain access to files outside of the
 share's path as defined in the smb.conf configuration file.  This
 vulnerability exists in all samba 2.2.x versions up to and including
 2.2.11 and also in samba 3.0.x up to and including 3.0.5.
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0815
 ______________________________________________________________________

 Updated Packages:
  
 Corporate Server 2.1:
 c2e81998de4c1613beebd82caab08c85  corporate/2.1/RPMS/nss_wins-2.2.7a-10.3.C21mdk.i586.rpm
 5ba314544f64d34f8fb655290be13e5f  corporate/2.1/RPMS/samba-client-2.2.7a-10.3.C21mdk.i586.rpm
 40d9640f87efefaf8055f07c420d775a  corporate/2.1/RPMS/samba-common-2.2.7a-10.3.C21mdk.i586.rpm
 52b9a76e0c46403a8d6f9ee950755e17  corporate/2.1/RPMS/samba-doc-2.2.7a-10.3.C21mdk.i586.rpm
 cc75f89aa1838b49706480194d97557d  corporate/2.1/RPMS/samba-server-2.2.7a-10.3.C21mdk.i586.rpm
 a323403badf1ef89fdc096ecee185adf  corporate/2.1/RPMS/samba-swat-2.2.7a-10.3.C21mdk.i586.rpm
 9ac199d2afe27f90a3b8e2c8db579eaf  corporate/2.1/RPMS/samba-winbind-2.2.7a-10.3.C21mdk.i586.rpm
 274439208095c79431d625fd4770b873  corporate/2.1/SRPMS/samba-2.2.7a-10.3.C21mdk.src.rpm

 Corporate Server 2.1/x86_64:
 298a9ab15d25ab143071669eb57b8e8e  x86_64/corporate/2.1/RPMS/nss_wins-2.2.7a-10.3.C21mdk.x86_64.rpm
 1a912c22194d4a27915e3ef17bca782f  x86_64/corporate/2.1/RPMS/samba-client-2.2.7a-10.3.C21mdk.x86_64.rpm
 e4c30b68704c4267b9d96edb2c62fbd9  x86_64/corporate/2.1/RPMS/samba-common-2.2.7a-10.3.C21mdk.x86_64.rpm
 5324b0ea0fead78d072053ebea1953ef  x86_64/corporate/2.1/RPMS/samba-doc-2.2.7a-10.3.C21mdk.x86_64.rpm
 4352e555abbadee56277caa5b13ccaf3  x86_64/corporate/2.1/RPMS/samba-server-2.2.7a-10.3.C21mdk.x86_64.rpm
 10ff20c71b1f0a6f02678b498a12e2ab  x86_64/corporate/2.1/RPMS/samba-swat-2.2.7a-10.3.C21mdk.x86_64.rpm
 7c8bb6655fa760bf938aa257aec0e95d  x86_64/corporate/2.1/RPMS/samba-winbind-2.2.7a-10.3.C21mdk.x86_64.rpm
 274439208095c79431d625fd4770b873  x86_64/corporate/2.1/SRPMS/samba-2.2.7a-10.3.C21mdk.src.rpm

 Mandrakelinux 9.2:
 0d048a0c1b432ed76517abc3220cd454  9.2/RPMS/libsmbclient0-2.2.8a-13.3.92mdk.i586.rpm
 4c7bbb265365e047784f09dcfff3fe7f  9.2/RPMS/libsmbclient0-devel-2.2.8a-13.3.92mdk.i586.rpm
 21d90aa58c19709a8978bb8084647121  9.2/RPMS/libsmbclient0-static-devel-2.2.8a-13.3.92mdk.i586.rpm
 ea75da243b2f6a380cfdc774b9dff534  9.2/RPMS/nss_wins-2.2.8a-13.3.92mdk.i586.rpm
 d70ff8e722fabd62d94b139eab65f8c9  9.2/RPMS/samba-client-2.2.8a-13.3.92mdk.i586.rpm
 47684bc4eda4b716da37c70592103817  9.2/RPMS/samba-common-2.2.8a-13.3.92mdk.i586.rpm
 11a74418ef5a1a037aadac3c635427e9  9.2/RPMS/samba-debug-2.2.8a-13.3.92mdk.i586.rpm
 5025e9c06a973b0387d5a841e2ab1329  9.2/RPMS/samba-doc-2.2.8a-13.3.92mdk.i586.rpm
 55759de483bcb5ee3267c5ee58e57ee5  9.2/RPMS/samba-server-2.2.8a-13.3.92mdk.i586.rpm
 ef2ad8330303b36681dddc8b1084e086  9.2/RPMS/samba-swat-2.2.8a-13.3.92mdk.i586.rpm
 4f5b7e9b6d2c6d9a4e36082010dd4842  9.2/RPMS/samba-winbind-2.2.8a-13.3.92mdk.i586.rpm
 ac2a2c9b8cc3a00492ad9130ac44acfe  9.2/SRPMS/samba-2.2.8a-13.3.92mdk.src.rpm

 Mandrakelinux 9.2/AMD64:
 dc262d5a29a0fa0f38f34bc94457b357  amd64/9.2/RPMS/lib64smbclient0-2.2.8a-13.3.92mdk.amd64.rpm
 7191f5b24de86da9c7c3764c6c4bdef7  amd64/9.2/RPMS/lib64smbclient0-devel-2.2.8a-13.3.92mdk.amd64.rpm
 b899415999930067fc0b68f20c1a0240  amd64/9.2/RPMS/lib64smbclient0-static-devel-2.2.8a-13.3.92mdk.amd64.rpm
 3d5d7678586aef4c593c906cd5282f30  amd64/9.2/RPMS/nss_wins-2.2.8a-13.3.92mdk.amd64.rpm
 683e530b367a618e72c10f13c152d2f6  amd64/9.2/RPMS/samba-client-2.2.8a-13.3.92mdk.amd64.rpm
 56f438efb2b5dd45fab3e0cb051cb138  amd64/9.2/RPMS/samba-common-2.2.8a-13.3.92mdk.amd64.rpm
 d5c702e2157b9f2e2f9a0d7bde2d04b6  amd64/9.2/RPMS/samba-debug-2.2.8a-13.3.92mdk.amd64.rpm
 c0e2a1badc6458424d707736e747f3db  amd64/9.2/RPMS/samba-doc-2.2.8a-13.3.92mdk.amd64.rpm
 28162d96ccf468125956af8f0aa00f63  amd64/9.2/RPMS/samba-server-2.2.8a-13.3.92mdk.amd64.rpm
 6b0e6353ebd8e72b574de382e1c22a65  amd64/9.2/RPMS/samba-swat-2.2.8a-13.3.92mdk.amd64.rpm
 dea3db5f940ebf772a76fed0600c92a4  amd64/9.2/RPMS/samba-winbind-2.2.8a-13.3.92mdk.amd64.rpm
 ac2a2c9b8cc3a00492ad9130ac44acfe  amd64/9.2/SRPMS/samba-2.2.8a-13.3.92mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandrakesoft for security.  You can obtain
 the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandrakelinux at:

  http://www.mandrakesoft.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFBXdUAmqjQ0CJFipgRAvazAJ9Gvgw1c4H0E0/sKzJqgVQs5Y5uhACgmceV
Yczn5J/2dTCMzS20uu3LzBY=
=loIX
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
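
The advisory describes a flaw in converting client-supplied DOS path names to host paths that lets a request reach files outside the share. The following is an added example, not Samba's code and not the patch shipped in these packages: a sketch of the containment check such a conversion routine has to enforce. The function name `dos_to_share_relative` is hypothetical.

```c
#include <stddef.h>
#include <string.h>

/* Added illustration, not Samba code: lexically normalise a client-supplied
 * DOS-style path into a share-relative Unix path. Returns 0 on success and
 * -1 if the path would climb above the share root or does not fit in out. */
int dos_to_share_relative(const char *dos, char *out, size_t outlen)
{
    size_t len = 0;              /* bytes written to out so far */
    const char *p = dos;

    if (outlen == 0)
        return -1;
    out[0] = '\0';

    while (*p) {
        /* Skip any run of separators; '\\' and '/' are both accepted. */
        while (*p == '\\' || *p == '/')
            p++;
        const char *start = p;
        while (*p && *p != '\\' && *p != '/')
            p++;
        size_t n = (size_t)(p - start);

        if (n == 0 || (n == 1 && start[0] == '.'))
            continue;            /* empty or "." component: drop it */

        if (n == 2 && start[0] == '.' && start[1] == '.') {
            if (len == 0)
                return -1;       /* ".." at the root would leave the share */
            while (len > 0 && out[len - 1] != '/')
                len--;           /* remove the last component */
            if (len > 0)
                len--;           /* and the '/' before it */
            out[len] = '\0';
            continue;
        }

        /* Need room for an optional '/', the component, and the NUL. */
        if (len + (len ? 1 : 0) + n + 1 > outlen)
            return -1;
        if (len)
            out[len++] = '/';
        memcpy(out + len, start, n);
        len += n;
        out[len] = '\0';
    }
    return 0;
}
```

The check is purely lexical: the result is meant to be joined to the share root, and symbolic links inside the share still need a separate check on the resolved path.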

