Description:
A vulnerability in Samba [0] versions 2.2.2 through 2.2.6 was
discovered by the Debian Samba maintainers [1]. A bug in the
length checking for encrypted password change requests from clients
could be exploited using a buffer overrun attack on the smbd(8)
stack. This attack would have to be crafted in such a way that
converting a DOS codepage string to little endian UCS2 unicode
would translate into an executable block of code.
Check whether you are affected by running "<prefix>/bin/rpm -q
samba". If you have an affected version of the samba package (see
above), please upgrade it according to the solution below.
Solution:
Update existing packages to newly patched versions of Samba. Select the
updated source RPM appropriate for your OpenPKG release [2][3][4], and
fetch it from the OpenPKG FTP service or a mirror location. Verify its
integrity [5], build a corresponding binary RPM from it and update your
OpenPKG installation by applying the binary RPM [6]. For the latest
OpenPKG 1.1 release, perform the following operations to permanently fix
the security problem (for other releases adjust accordingly).
$ ftp ftp.openpkg.org
ftp> bin
ftp> cd release/1.1/UPD
ftp> get samba-2.2.5-1.1.1.src.rpm
ftp> bye
$ <prefix>/bin/rpm -v --checksig samba-2.2.5-1.1.1.src.rpm
$ <prefix>/bin/rpm --rebuild samba-2.2.5-1.1.1.src.rpm
$ su -
# <prefix>/bin/rpm -Fvh <prefix>/RPM/PKG/samba-2.2.5-1.1.1.*.rpm
# <prefix>/etc/rc samba stop start
________________________________________________________________________
For security reasons, this advisory was digitally signed with
the OpenPGP public key "OpenPKG <openpkg (at) openpkg (dot) org [email concealed]>" (ID 63C4CB9F)
of the OpenPKG project which you can find under the official URL
http://www.openpkg.org/openpkg.pgp or on http://keyserver.pgp.com/. To
check the integrity of this advisory, verify its digital signature by
using GnuPG (http://www.gnupg.org/). For example, pipe this message to
the command "gpg --verify --keyserver keyserver.pgp.com".
________________________________________________________________________
Hash: SHA1
________________________________________________________________________
OpenPKG Security Advisory The OpenPKG Project
http://www.openpkg.org/security.html http://www.openpkg.org
openpkg-security (at) openpkg (dot) org [email concealed] openpkg (at) openpkg (dot) org [email concealed]
OpenPKG-SA-2002.012 29-Nov-2002
________________________________________________________________________
Package: samba
Vulnerability: code execution, root exploit
OpenPKG Specific: no
Dependent Packages: none
Affected Releases: Affected Packages: Corrected Packages:
OpenPKG 1.0 <= samba-2.2.2-1.0.0 >= samba-2.2.2-1.0.1
OpenPKG 1.1 <= samba-2.2.5-1.1.0 >= samba-2.2.5-1.1.1
OpenPKG CURRENT <= samba-2.2.6-20021017 >= samba-2.2.7-20021120
Description:
A vulnerability in Samba [0] versions 2.2.2 through 2.2.6 was
discovered by the Debian Samba maintainers [1]. A bug in the
length checking for encrypted password change requests from clients
could be exploited using a buffer overrun attack on the smbd(8)
stack. This attack would have to be crafted in such a way that
converting a DOS codepage string to little endian UCS2 unicode
would translate into an executable block of code.
Check whether you are affected by running "<prefix>/bin/rpm -q
samba". If you have an affected version of the samba package (see
above), please upgrade it according to the solution below.
Solution:
Update existing packages to newly patched versions of Samba. Select the
updated source RPM appropriate for your OpenPKG release [2][3][4], and
fetch it from the OpenPKG FTP service or a mirror location. Verify its
integrity [5], build a corresponding binary RPM from it and update your
OpenPKG installation by applying the binary RPM [6]. For the latest
OpenPKG 1.1 release, perform the following operations to permanently fix
the security problem (for other releases adjust accordingly).
$ ftp ftp.openpkg.org
ftp> bin
ftp> cd release/1.1/UPD
ftp> get samba-2.2.5-1.1.1.src.rpm
ftp> bye
$ <prefix>/bin/rpm -v --checksig samba-2.2.5-1.1.1.src.rpm
$ <prefix>/bin/rpm --rebuild samba-2.2.5-1.1.1.src.rpm
$ su -
# <prefix>/bin/rpm -Fvh <prefix>/RPM/PKG/samba-2.2.5-1.1.1.*.rpm
# <prefix>/etc/rc samba stop start
________________________________________________________________________
References:
[0] http://www.samba.org/
[1] http://www.debian.org/security/2002/dsa-200
[2] ftp://ftp.openpkg.org/release/1.0/UPD/
[3] ftp://ftp.openpkg.org/release/1.1/UPD/
[4] ftp://ftp.openpkg.org/current/SRC/
[5] http://www.openpkg.org/security.html#signature
[6] http://www.openpkg.org/tutorial.html#regular-source
________________________________________________________________________
For security reasons, this advisory was digitally signed with
the OpenPGP public key "OpenPKG <openpkg (at) openpkg (dot) org [email concealed]>" (ID 63C4CB9F)
of the OpenPKG project which you can find under the official URL
http://www.openpkg.org/openpkg.pgp or on http://keyserver.pgp.com/. To
check the integrity of this advisory, verify its digital signature by
using GnuPG (http://www.gnupg.org/). For example, pipe this message to
the command "gpg --verify --keyserver keyserver.pgp.com".
________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Comment: OpenPKG <openpkg (at) openpkg (dot) org [email concealed]>
iEYEARECAAYFAj3nO9UACgkQgHWT4GPEy59p5QCfct5flSu1iV1a7dJGasM0J8iN
kOMAoNvn9Q1524xufDzZb12THUscFpKd
=HEHz
-----END PGP SIGNATURE-----
[ reply ]