• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Samba Filename Mangling Method Buffer Overrun Vulnerability

Solution:
Conectiva has released advisory CLA-2004:854 to provide Kernel updates to address this and other issues for Conectiva 8 and 9. Please see the referenced advisory for further details regarding obtaining and applying appropriate updates.

Red Hat has released advisory RHSA-2004:404-04 and fixes to address this issue on Red Hat Linux Enterprise platforms. Customers who are affected by this issue are advised to apply the appropriate updates. Customers subscribed to the Red Hat Network may apply the appropriate fixes using the Red Hat Update Agent (up2date). Please see referenced advisory for additional information.

OpenPKG has released an advisory (OpenPKG-SA-2004.033) dealing with this issue. Please see the referenced advisory for more information.

Conectiva Linux has released advisory CLA-2004:851 dealing with this issue. Please see the referenced advisory for more information.

Red Hat has released advisory RHSA-2004:259-23 and fixes to address this issue on Red Hat Linux Enterprise platforms. Customers who are affected by this issue are advised to apply the appropriate updates. Customers subscribed to the Red Hat Network may apply the appropriate fixes using the Red Hat Update Agent (up2date). Please see referenced advisory for additional information.

Tinysofa Linux has released advisory TSSA-2004-014 dealing with this issue. Please see the referenced advisory for more information.

SuSE Linux has released advisory SUSE-SA:2004:022 along with fixes dealing with this issue. Please see the referenced vendor advisory for more information.

Mandrake has released advisory MDKSA-2004:071 dealing with this issue. Please see the referenced advisory for more information.

Netwosix Linux has released advisory LNSA-#2004-0015 along with an upgrade dealing with this issue. Please see the referenced advisory for more information.

Trustix Secure Linux has released advisory TSL-2004-0039 to address this, and other issues. Please see the referenced advisory for further information.

HP has released an advisory (HPSBUX01062 - SSRT4782, revision 0) dealing with this issue. Although no resolution has been provided, they recommend that users set the "mangling method = hash2" or "mangled names = no" in smb.conf to temporarily resolve the issue. Please see the referenced advisory for more information.

Gentoo has released fixes for this issue that may be applied with the following commands:
emerge sync
emerge -pv ">=net-fs/samba-3.0.5"
emerge ">=net-fs/samba-3.0.5"

Gentoo has released an updated errata advisory (GLSA 200407-21:02) to correct the list of affected and non-affected versions. Please see the attached advisory for further information.

RedHat has released advisories FEDORA-2004-284, and FEDORA-2004-285 to address this and other issues in RedHat Fedora Core 1 and 2 respectively. Please see the references advisories for further information.

TurboLinux has released advisory TLSA-2004-25 to address this issue. Please see the attached advisory for details on obtaining and applying fixes.

The Fedora Legacy project has released advisory FLSA:2102 along with fixes to address this issue for RedHat Linux 7.3 and 9.0. Please see the referenced advisory for further information.

Sun has released a security bulletin (#57664) to announce that Solaris includes affected versions of the software and that fixes are pending.

The vendor has released an upgrade dealing with this issue.


Sun Solaris 9

• Sun 114684-03
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -114684-03-1

Sun Solaris 9_x86

• Sun 114685-03
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -114685-03-1

Samba Samba 3.0.2 a

• Mandrake libsmbclient0-3.0.2a-3.2.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libsmbclient0-devel-3.0.2a-3.2.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libsmbclient0-static-devel-3.0.2a-3.2.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake nss_wins-3.0.2a-3.2.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake nss_wins-3.0.2a-3.2.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake samba-client-3.0.2a-3.2.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake samba-client-3.0.2a-3.2.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake samba-common-3.0.2a-3.2.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake samba-common-3.0.2a-3.2.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake samba-doc-3.0.2a-3.2.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake samba-doc-3.0.2a-3.2.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake samba-passdb-mysql-3.0.2a-3.2.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake samba-passdb-mysql-3.0.2a-3.2.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake samba-passdb-xml-3.0.2a-3.2.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake samba-passdb-xml-3.0.2a-3.2.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake samba-server-3.0.2a-3.2.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake samba-server-3.0.2a-3.2.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake samba-swat-3.0.2a-3.2.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake samba-swat-3.0.2a-3.2.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake samba-winbind-3.0.2a-3.2.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake samba-winbind-3.0.2a-3.2.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Samba Samba 3.0.5
  


• SuSE libsmbclient-3.0.4-1.27.i586.patch.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/libsmbclient-3.0. 4-1.27.i586.patch.rpm


• SuSE libsmbclient-3.0.4-1.27.x86_64.patch.rpm
  ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/libsmbclient- 3.0.4-1.27.x86_64.patch.rpm


• SuSE libsmbclient-devel-3.0.4-1.27.i586.patch.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/libsmbclient-deve l-3.0.4-1.27.i586.patch.rpm


• SuSE libsmbclient-devel-3.0.4-1.27.x86_64.patch.rpm
  ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/libsmbclient- devel-3.0.4-1.27.x86_64.patch.rpm


• SuSE samba-3.0.4-1.27.i586.patch.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/samba-3.0.4-1.27. i586.patch.rpm


• SuSE samba-3.0.4-1.27.x86_64.patch.rpm
  ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/samba-3.0.4-1 .27.x86_64.patch.rpm


• SuSE samba-client-3.0.4-1.27.i586.patch.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/samba-client-3.0. 4-1.27.i586.patch.rpm


• SuSE samba-client-3.0.4-1.27.x86_64.patch.rpm
  ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/samba-client- 3.0.4-1.27.x86_64.patch.rpm


• SuSE samba-doc-3.0.4-1.12.i586.patch.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/samba-doc-3.0.4-1 .12.i586.patch.rpm


• SuSE samba-doc-3.0.4-1.12.x86_64.patch.rpm
  ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/samba-doc-3.0 .4-1.12.x86_64.patch.rpm


• SuSE samba-pdb-3.0.4-1.27.i586.patch.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/samba-pdb-3.0.4-1 .27.i586.patch.rpm


• SuSE samba-pdb-3.0.4-1.27.x86_64.patch.rpm
  ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/samba-pdb-3.0 .4-1.27.x86_64.patch.rpm


• SuSE samba-python-3.0.4-1.27.i586.patch.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/samba-python-3.0. 4-1.27.i586.patch.rpm


• SuSE samba-python-3.0.4-1.27.x86_64.patch.rpm
  ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/samba-python- 3.0.4-1.27.x86_64.patch.rpm


• SuSE samba-winbind-3.0.4-1.27.i586.patch.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/samba-winbind-3.0 .4-1.27.i586.patch.rpm


• SuSE samba-winbind-3.0.4-1.27.x86_64.patch.rpm
  ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/samba-winbind -3.0.4-1.27.x86_64.patch.rpm


• SuSE libsmbclient-3.0.4-1.27.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/libsmbclient-3.0. 4-1.27.i586.rpm


• SuSE libsmbclient-3.0.4-1.27.x86_64.rpm
  ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/libsmbclient- 3.0.4-1.27.x86_64.rpm


• SuSE libsmbclient-devel-3.0.4-1.27.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/libsmbclient-deve l-3.0.4-1.27.i586.rpm


• SuSE libsmbclient-devel-3.0.4-1.27.x86_64.rpm
  ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/libsmbclient- devel-3.0.4-1.27.x86_64.rpm


• SuSE samba-3.0.4-1.27.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/samba-3.0.4-1.27. i586.rpm


• SuSE samba-3.0.4-1.27.x86_64.rpm
  ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/samba-3.0.4-1 .27.x86_64.rpm


• SuSE samba-client-3.0.4-1.27.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/samba-client-3.0. 4-1.27.i586.rpm


• SuSE samba-client-3.0.4-1.27.x86_64.rpm
  ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/samba-client- 3.0.4-1.27.x86_64.rpm


• SuSE samba-doc-3.0.4-1.12.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/samba-doc-3.0.4-1 .12.i586.rpm


• SuSE samba-doc-3.0.4-1.12.x86_64.rpm
  ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/samba-doc-3.0 .4-1.12.x86_64.rpm


• SuSE samba-pdb-3.0.4-1.27.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/samba-pdb-3.0.4-1 .27.i586.rpm


• SuSE samba-pdb-3.0.4-1.27.x86_64.rpm
  ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/samba-pdb-3.0 .4-1.27.x86_64.rpm


• SuSE samba-python-3.0.4-1.27.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/samba-python-3.0. 4-1.27.i586.rpm


• SuSE samba-python-3.0.4-1.27.x86_64.rpm
  ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/samba-python- 3.0.4-1.27.x86_64.rpm


• SuSE samba-winbind-3.0.4-1.27.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/samba-winbind-3.0 .4-1.27.i586.rpm


• SuSE samba-winbind-3.0.4-1.27.x86_64.rpm
  ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/samba-winbind -3.0.4-1.27.x86_64.rpm

Samba Samba 3.0.2

• Fedora samba-3.0.6-2.FC1.i386.rpm
  RedHat Fedora Core 1
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/


• Fedora samba-3.0.6-2.FC1.x86_64.rpm
  RedHat Fedora Core 1
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/


• Fedora samba-client-3.0.6-2.FC1.i386.rpm
  RedHat Fedora Core 1
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/


• Fedora samba-client-3.0.6-2.FC1.x86_64.rpm
  RedHat Fedora Core 1
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/


• Fedora samba-common-3.0.6-2.FC1.i386.rpm
  RedHat Fedora Core 1
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/


• Fedora samba-common-3.0.6-2.FC1.x86_64.rpm
  RedHat Fedora Core 1
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/


• Fedora samba-debuginfo-3.0.6-2.FC1.i386.rpm
  RedHat Fedora Core 1
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/


• Fedora samba-debuginfo-3.0.6-2.FC1.x86_64.rpm
  RedHat Fedora Core 1
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/


• Fedora samba-swat-3.0.6-2.FC1.i386.rpm
  RedHat Fedora Core 1
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/


• Fedora samba-swat-3.0.6-2.FC1.x86_64.rpm
  RedHat Fedora Core 1
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/


• Samba Samba 3.0.5
  

Samba Samba 3.0.3

• Fedora samba-3.0.6-2.fc2.i386.rpm
  RedHat Fedora Core 2
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/


• Fedora samba-3.0.6-2.fc2.x86_64.rpm
  RedHat Fedora Core 2
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/


• Fedora samba-client-3.0.6-2.fc2.i386.rpm
  RedHat Fedora Core 2
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/


• Fedora samba-client-3.0.6-2.fc2.x86_64.rpm
  RedHat Fedora Core 2
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/


• Fedora samba-common-3.0.6-2.fc2.i386.rpm
  RedHat Fedora Core 2
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/


• Fedora samba-common-3.0.6-2.fc2.x86_64.rpm
  RedHat Fedora Core 2
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/


• Fedora samba-debuginfo-3.0.6-2.fc2.i386.rpm
  RedHat Fedora Core 2
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/


• Fedora samba-debuginfo-3.0.6-2.fc2.x86_64.rpm
  RedHat Fedora Core 2
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/


• Fedora samba-swat-3.0.6-2.fc2.i386.rpm
  RedHat Fedora Core 2
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/


• Fedora samba-swat-3.0.6-2.fc2.x86_64.rpm
  RedHat Fedora Core 2
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/


• Samba Samba 3.0.5
  

Samba Samba 3.0.4

• Conectiva libsmbclient-devel-3.0.4-62749U10_2cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/10/RPMS/libsmbclient-devel-3.0.4-6 2749U10_2cl.i386.rpm


• Conectiva libsmbclient-devel-static-3.0.4-62749U10_2cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/10/RPMS/libsmbclient-devel-static- 3.0.4-62749U10_2cl.i386.rpm


• Conectiva libsmbclient0-3.0.4-62749U10_2cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/10/RPMS/libsmbclient0-3.0.4-62749U 10_2cl.i386.rpm


• Conectiva samba-clients-3.0.4-62749U10_2cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/10/RPMS/samba-clients-3.0.4-62749U 10_2cl.i386.rpm


• Conectiva samba-common-3.0.4-62749U10_2cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/10/RPMS/samba-common-3.0.4-62749U1 0_2cl.i386.rpm


• Conectiva samba-doc-3.0.4-62749U10_2cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/10/RPMS/samba-doc-3.0.4-62749U10_2 cl.i386.rpm


• Conectiva samba-server-3.0.4-62749U10_2cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/10/RPMS/samba-server-3.0.4-62749U1 0_2cl.i386.rpm


• Conectiva samba-swat-3.0.4-62749U10_2cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/10/RPMS/samba-swat-3.0.4-62749U10_ 2cl.i386.rpm


• Conectiva samba-testprogs-3.0.4-62749U10_2cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/10/RPMS/samba-testprogs-3.0.4-6274 9U10_2cl.i386.rpm


• Conectiva samba-vfs-3.0.4-62749U10_2cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/10/RPMS/samba-vfs-3.0.4-62749U10_2 cl.i386.rpm


• Conectiva samba-vscan-clamav-3.0.4-62749U10_2cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/10/RPMS/samba-vscan-clamav-3.0.4-6 2749U10_2cl.i386.rpm


• Conectiva samba-vscan-fprot-3.0.4-62749U10_2cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/10/RPMS/samba-vscan-fprot-3.0.4-62 749U10_2cl.i386.rpm


• Conectiva samba-vscan-fsecure-3.0.4-62749U10_2cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/10/RPMS/samba-vscan-fsecure-3.0.4- 62749U10_2cl.i386.rpm


• Conectiva samba-vscan-kaspersky-3.0.4-62749U10_2cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/10/RPMS/samba-vscan-kaspersky-3.0. 4-62749U10_2cl.i386.rpm


• Conectiva samba-vscan-mks-3.0.4-62749U10_2cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/10/RPMS/samba-vscan-mks-3.0.4-6274 9U10_2cl.i386.rpm


• Conectiva samba-vscan-oav-3.0.4-62749U10_2cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/10/RPMS/samba-vscan-oav-3.0.4-6274 9U10_2cl.i386.rpm


• Conectiva samba-vscan-sophos-3.0.4-62749U10_2cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/10/RPMS/samba-vscan-sophos-3.0.4-6 2749U10_2cl.i386.rpm


• Conectiva samba-vscan-trend-3.0.4-62749U10_2cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/10/RPMS/samba-vscan-trend-3.0.4-62 749U10_2cl.i386.rpm


• Conectiva samba-winbind-3.0.4-62749U10_2cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/10/RPMS/samba-winbind-3.0.4-62749U 10_2cl.i386.rpm


• OpenPKG samba-3.0.4-2.1.1.src.rpm
  ftp://ftp.openpkg.org/release/2.1/UPD/samba-3.0.4-2.1.1.src.rpm


• Samba Samba 3.0.5
  


• Trustix samba-3.0.5-1tr.i586.rpm
  Trustix Secure Linux 2.1 & Enterprise Server 2
  ftp://ftp.trustix.org/pub/trustix/updates/


• Trustix samba-client-3.0.5-1tr.i586.rpm
  Trustix Secure Linux 2.1 & Enterprise Server 2
  ftp://ftp.trustix.org/pub/trustix/updates/


• Trustix samba-common-3.0.5-1tr.i586.rpm
  Trustix Secure Linux 2.1 & Enterprise Server 2
  ftp://ftp.trustix.org/pub/trustix/updates/


• Trustix samba-mysql-3.0.5-1tr.i586.rpm
  Trustix Secure Linux 2.1 & Enterprise Server 2
  ftp://ftp.trustix.org/pub/trustix/updates/