BugTraq
Immunix Secured OS 7+ samba update Apr 01 2003 01:48AM
Immunix Security Team (security wirex com)
-----------------------------------------------------------------------
Immunix Secured OS Security Advisory

Packages updated: samba
Affected products: ImmunixOS 6.2, 7.0, 7+
Bugs fixed: CAN-2003-0085
Date: Mon Mar 31 2003
Advisory ID: IMNX-2003-7+-003-01
Author: Seth Arnold <sarnold (at) wirex (dot) com [email concealed]>
-----------------------------------------------------------------------

Description:
Quoting from the Samba security advisory:
The SuSE security audit team, in particular Sebastian Krahmer
<krahmer (at) suse (dot) de [email concealed]>, has found a flaw in the Samba main smbd code
which could allow an external attacker to remotely and anonymously
gain Super User (root) privileges on a server running a Samba server.
in more detail:
A buffer overrun condition exists in the SMB/CIFS packet fragment
re-assembly code in smbd which would allow an attacker to cause smbd
to overwrite arbitrary areas of memory in its own process address
space. This could allow a skilled attacker to inject binary specific
exploit code into smbd.
The patch was prepared by "Jeremy Allison and reviewed by engineers
from the Samba Team, SuSE, HP, SGI, Apple, and the Linux vendor
engineers on the Linux Vendor security mailing list."

We would like to thank Jay Fenlason at Red Hat for separating the
security-critical portions of the patch apart from the rest of the
Samba-supplied fix.

References: http://us1.samba.org/samba/whatsnew/samba-2.2.8.html

Package names and locations:
Precompiled binary packages for Immunix 7+ are available at:
http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/samba-2.0.10-2_imn
x_2.i386.rpm
http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/samba-client-2.0.1
0-2_imnx_2.i386.rpm
http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/samba-common-2.0.1
0-2_imnx_2.i386.rpm

Immunix OS 7+ md5sums:
a74de332ef912b659dee405e996682b9 samba-2.0.10-2_imnx_2.i386.rpm
0ea784704399dd90280766d378cbf410 samba-client-2.0.10-2_imnx_2.i386.rpm
2c206898ffed86f63eb1c96bf8b542c2 samba-common-2.0.10-2_imnx_2.i386.rpm

GPG verification:
Our public key is available at <http://wirex.com/security/GPG_KEY>.

NOTE:
Ibiblio is graciously mirroring our updates, so if the links above are
slow, please try:
ftp://ftp.ibiblio.org/pub/Linux/distributions/immunix/
or one of the many mirrors available at:
http://www.ibiblio.org/pub/Linux/MIRRORS.html

ImmunixOS 6.2 is no longer officially supported.
ImmunixOS 7.0 is no longer officially supported.

Contact information:
To report vulnerabilities, please contact security (at) wirex (dot) com. [email concealed] WireX
attempts to conform to the RFP vulnerability disclosure protocol
<http://www.wiretrip.net/rfp/policy.html>.

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus