Samba provides file and print services to windows clients.
Several security issues are fixed by this patch.
The ms_fnmatch function in Samba 3.0.4 and 3.0.7 and possibly
other versions allows remote authenticated users to cause
a denial of service (CPU consumption) via a SAMBA request
that contains multiple SCOSA-2005.17.in SCOSA-2005.17.txt
samba.pkg (wildcard) characters.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2004-0930 to this issue.
Buffer overflow in the QFILEPATHINFO request handler in Samba
3.0.x through 3.0.7 may allow remote attackers to execute
arbitrary code via a TRANSACT2_QFILEPATHINFO request with
a small "maximum data bytes" value.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2004-0882 to this issue.
Integer overflow in the Samba daemon (smbd) in Samba 2.x and
3.0.x through 3.0.9 allows remote authenticated users to cause
a denial of service (application crash) and possibly execute
arbitrary code via a Samba request with a large number of
security descriptors that triggers a heap-based buffer overflow.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2004-1154 to this issue.
2. Vulnerable Supported Versions
System Binaries
----------------------------------------------------------------------
UnixWare 7.1.4 distribution
3. Solution
The proper solution is to install the latest packages.
md5 is available for download from
ftp://ftp.sco.com/pub/security/tools
4.3 Installing Fixed Binaries
Upgrade the affected binaries with the following sequence:
Download samba.pkg to the /var/spool/pkg directory
# pkgadd -d /var/spool/pkg/samba.pkg
or
See ftp://ftp.sco.com/pub/unixware7/714/mp/mp2/uw714mp2.txt
5. References
Specific references for this advisory:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0930
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0882
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1154
SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers
intended to promote secure installation and use of SCO
products.
7. Acknowledgments
SCO would like to thank Karol Wiesek, Stefan Esser, and Greg MacManus.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
________________________________________________________________________
______
SCO Security Advisory
Subject: UnixWare 7.1.4 : Samba multiple security issues
Advisory number: SCOSA-2005.17
Issue date: 2005 February 11
Cross reference: sr892475 fz530644 erg712754 sr892165 fz530486 erg712735 CAN-2004-0930 CAN-2004-0882 CAN-2004-1154
________________________________________________________________________
______
1. Problem Description
Samba provides file and print services to windows clients.
Several security issues are fixed by this patch.
The ms_fnmatch function in Samba 3.0.4 and 3.0.7 and possibly
other versions allows remote authenticated users to cause
a denial of service (CPU consumption) via a SAMBA request
that contains multiple SCOSA-2005.17.in SCOSA-2005.17.txt
samba.pkg (wildcard) characters.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2004-0930 to this issue.
Buffer overflow in the QFILEPATHINFO request handler in Samba
3.0.x through 3.0.7 may allow remote attackers to execute
arbitrary code via a TRANSACT2_QFILEPATHINFO request with
a small "maximum data bytes" value.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2004-0882 to this issue.
Integer overflow in the Samba daemon (smbd) in Samba 2.x and
3.0.x through 3.0.9 allows remote authenticated users to cause
a denial of service (application crash) and possibly execute
arbitrary code via a Samba request with a large number of
security descriptors that triggers a heap-based buffer overflow.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2004-1154 to this issue.
2. Vulnerable Supported Versions
System Binaries
----------------------------------------------------------------------
UnixWare 7.1.4 distribution
3. Solution
The proper solution is to install the latest packages.
4. UnixWare 7.1.4
4.1 Location of Fixed Binaries
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.17
The fixes are also available in SCO UnixWare 7.1.4 Mantenance Pack 2
http://www.sco.com/support/update/download/release.php?rid=58
4.2 Verification
MD5 (samba.pkg) = 95a6af2eb579624623ff0ceddc9e8c09
or
MD5 (uw714mp2.iso) = 335919be68f54253852cb8abca11814a
md5 is available for download from
ftp://ftp.sco.com/pub/security/tools
4.3 Installing Fixed Binaries
Upgrade the affected binaries with the following sequence:
Download samba.pkg to the /var/spool/pkg directory
# pkgadd -d /var/spool/pkg/samba.pkg
or
See ftp://ftp.sco.com/pub/unixware7/714/mp/mp2/uw714mp2.txt
5. References
Specific references for this advisory:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0930
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0882
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1154
SCO security resources:
http://www.sco.com/support/security/index.html
SCO security advisories via email
http://www.sco.com/support/forums/security.html
This security fix closes SCO incidents sr892475 fz530644
erg712754 sr892165 fz530486 erg712735.
6. Disclaimer
SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers
intended to promote secure installation and use of SCO
products.
7. Acknowledgments
SCO would like to thank Karol Wiesek, Stefan Esser, and Greg MacManus.
________________________________________________________________________
______
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (SCO/UNIX_SVR5)
iD8DBQFCI3DQaqoBO7ipriERAn37AJ0a1r/VkENTW7Z+6Ljg40vQb2Vh2ACeICbV
RFqsA9B8HmBMEJAP9xVdojY=
=S89A
-----END PGP SIGNATURE-----
[ reply ]