Login

Noch kein Login?
Daten vergessen?

 
Newsletter
Werbung
Sicherheit: Pufferüberlauf in samba
Aktuelle Meldungen Distributionen
Name: Pufferüberlauf in samba
ID: USN-29-1
Distribution: Ubuntu
Plattformen: Ubuntu 4.10
Datum: Fr, 19. November 2004, 12:00
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0882

Originalnachricht

 
===========================================================
Ubuntu Security Notice USN-29-1		  November 18, 2004
samba vulnerability
CAN-2004-0882
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

samba

The problem can be corrected by upgrading the affected package to
version 3.0.7-1ubuntu6.2.  In general, a standard system upgrade is
sufficient to effect the necessary changes.

Details follow:

During an audit of the Samba 3.x code base Stefan Esser discovered a
Unicode file name buffer overflow within the handling of
TRANSACT2_QFILEPATHINFO replies. A malicious samba user with write
access to a share could exploit this by creating specially crafted
path names (files with very long names containing Unicode characters)
that would overflow an internal buffer and could lead to remote
execution of arbitrary code with the privileges of the samba server.

Since the samba server usually (by default) runs as root, this flaw
can lead to privilege escalation and unbounded system compromise.

  Source archives:

    samba_3.0.7-1ubuntu6.2.diff.gz
      Size/MD5:   287793 5fe703b1046fd5243fa69b6fa6d07294
    samba_3.0.7-1ubuntu6.2.dsc
      Size/MD5:      937 eab645e2ffeb3ffeda2938989f483c48
    http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba_3.0.7.orig.tar.gz
      Size/MD5: 15012667 5906341429e64214909865a4be92e4ab

  Architecture independent packages:

    samba-doc_3.0.7-1ubuntu6.2_all.deb
      Size/MD5: 11604214 141fc27096df90fb5f26b7166a3c9d6c

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    libpam-smbpass_3.0.7-1ubuntu6.2_amd64.deb
      Size/MD5:   370230 99101e2e61e368dc01179cb7dc2c0133
    libsmbclient-dev_3.0.7-1ubuntu6.2_amd64.deb
      Size/MD5:   761668 e741cc9ab62203deb7280c7433f69706
    libsmbclient_3.0.7-1ubuntu6.2_amd64.deb
      Size/MD5:   574786 89ae7e66ce905ace97188609e440bde5
    python2.3-samba_3.0.7-1ubuntu6.2_amd64.deb
      Size/MD5:  5013524 52f73085749169d113930486f59cbfaf
    samba-common_3.0.7-1ubuntu6.2_amd64.deb
      Size/MD5:  2089114 f1e43445204746bf37edf2ec41e4295b
    samba_3.0.7-1ubuntu6.2_amd64.deb
      Size/MD5:  2664486 eb3e05dcc644fb38bc73b0b9d8e0881a
    smbclient_3.0.7-1ubuntu6.2_amd64.deb
      Size/MD5:  2708734 184bf98f0408a4697850aa6919ebe4ef
    smbfs_3.0.7-1ubuntu6.2_amd64.deb
      Size/MD5:   360962 7efd7e60f4932c7274a9dca4c6bfff7c
    swat_3.0.7-1ubuntu6.2_amd64.deb
      Size/MD5:  4026780 ddce360a66fd3e0caf65fccb007b0d18
    winbind_3.0.7-1ubuntu6.2_amd64.deb
      Size/MD5:  1526042 f828ee46913e27507bab3886d82435c3

  i386 architecture (x86 compatible Intel/AMD)

    libpam-smbpass_3.0.7-1ubuntu6.2_i386.deb
      Size/MD5:   326852 c9629245ccda89fb9b1dda883879d54b
    libsmbclient-dev_3.0.7-1ubuntu6.2_i386.deb
      Size/MD5:   686568 e42aa1a2af130297903b93f9e3e8ca2c
    libsmbclient_3.0.7-1ubuntu6.2_i386.deb
      Size/MD5:   509556 7d8076adf8c3eaac60b09ff27bacd911
    python2.3-samba_3.0.7-1ubuntu6.2_i386.deb
      Size/MD5:  4414116 c04dabf99c10f32a3e9b799e52eda22b
    samba-common_3.0.7-1ubuntu6.2_i386.deb
      Size/MD5:  1835048 ce3604ef73e2d5fb4e7914cdd9050d8f
    samba_3.0.7-1ubuntu6.2_i386.deb
      Size/MD5:  2297606 b7e572d19fd4049bf320afdc77c3a6c9
    smbclient_3.0.7-1ubuntu6.2_i386.deb
      Size/MD5:  2300214 5383d4fee5aa87876ac5051593955873
    smbfs_3.0.7-1ubuntu6.2_i386.deb
      Size/MD5:   308746 1b624b3e4f6e19c3282bd5ac6696d646
    swat_3.0.7-1ubuntu6.2_i386.deb
      Size/MD5:  3938366 46e2ae30a1e9dd7dbbdca463bcb9dd1f
    winbind_3.0.7-1ubuntu6.2_i386.deb
      Size/MD5:  1298980 bf1f086f3baacf18e1def88b2de59c37

  powerpc architecture (Apple Macintosh G3/G4/G5)

    libpam-smbpass_3.0.7-1ubuntu6.2_powerpc.deb
      Size/MD5:   356040 4a139f0d03c2c58101009b020f5cd86f
    libsmbclient-dev_3.0.7-1ubuntu6.2_powerpc.deb
      Size/MD5:   705486 c79dca16882996739bc326c4e49eef0d
    libsmbclient_3.0.7-1ubuntu6.2_powerpc.deb
      Size/MD5:   565886 021b551094f41419085bd536f3478719
    python2.3-samba_3.0.7-1ubuntu6.2_powerpc.deb
      Size/MD5:  4809436 df7c43f27708fd1f0b714a42e62d11c9
    samba-common_3.0.7-1ubuntu6.2_powerpc.deb
      Size/MD5:  2044050 2fe8c9c72849c23f4352be940897bc92
    samba_3.0.7-1ubuntu6.2_powerpc.deb
      Size/MD5:  2619354 74a5ae3af513b9ebd4b3fe99f7ac4271
    smbclient_3.0.7-1ubuntu6.2_powerpc.deb
      Size/MD5:  2655304 9ac5438f2b4514df4c3e8adde4f6aec6
    smbfs_3.0.7-1ubuntu6.2_powerpc.deb
      Size/MD5:   353196 16b68de329667642f9520e81fff7ecee
    swat_3.0.7-1ubuntu6.2_powerpc.deb
      Size/MD5:  4015742 68b4ddb082fa1756c18d7b244e5a0a5f
    winbind_3.0.7-1ubuntu6.2_powerpc.deb
      Size/MD5:  1481436 53bd882613f2853683f39d48843cf4fc





-- 
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
http://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
Pro-Linux
Gewinnspiel
Neue Nachrichten

1
LinuxTag: Uni­v­en­ti­on-Ab­sol­ven­ten­preis 2013 verliehen

0
LinuxTag 2013 eröffnet

0
Siduction 2013.1 frei­ge­ge­ben

18
Skype 4.2 für Linux ver­öf­fent­licht

0
Opera 14 für Android mit Web­kit-En­gi­ne

3
ktap: Ker­nel-Tra­ce für ein­ge­bet­te­tes Linux

2
Chrome 27 mit kleinem Ge­schwin­dig­keits­zu­wachs und neuer API für Google Drive

14
Paragon stellt ExtFS für Windows vor

8
Qemu 1.5 er­schie­nen

10
Perl 5.18.0 frei­ge­ge­ben
 
Werbung