Package        : samba
Vulnerability  : integer overflows
Problem-Type   : remote
Debian-specific: no
CVE ID         : CAN-2004-1154
CERT advisory  : VU#226184
Greg MacManus discovered an integer overflow in the smb daemon from Samba, a LanManager-like file and printer server for GNU/Linux and Unix-like systems. Requesting a very large number of access control descriptors from the server could exploit the integer overflow, which may result in a buffer overflow that could lead to the execution of arbitrary code with root privileges. Upstream developers have discovered more possible integer overflows that are fixed with this update as well.
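The bug class described above, shown as an added example that is not Samba's code: a client-supplied element count multiplied into a byte size in 32-bit arithmetic wraps to a small value, and the fix is to reject the count before multiplying. The `acl_entry` layout, the function names and the `max_entries` policy cap are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical fixed-size record standing in for one access control descriptor. */
struct acl_entry { uint32_t type, flags, mask, sid; };   /* 16 bytes */

/* Overflowing pattern: the byte count is computed in 32 bits, as on a
 * 32-bit host, so a very large count wraps around to a small size. */
uint32_t unchecked_size(uint32_t count)
{
    return count * (uint32_t)sizeof(struct acl_entry);
}

/* Checked form: refuse any count whose byte size does not fit in 32 bits.
 * Returns 0 and stores the size on success, -1 on overflow. */
int checked_size(uint32_t count, uint32_t *size_out)
{
    if (count > UINT32_MAX / sizeof(struct acl_entry))
        return -1;
    *size_out = count * (uint32_t)sizeof(struct acl_entry);
    return 0;
}

/* Allocate a zeroed array for `count` entries. Returns NULL when the request
 * is empty, above the assumed policy cap, would overflow, or malloc fails. */
struct acl_entry *alloc_entries(uint32_t count, uint32_t max_entries)
{
    uint32_t size;
    struct acl_entry *p;

    if (count == 0 || count > max_entries || checked_size(count, &size) != 0)
        return NULL;
    p = malloc(size);
    if (p != NULL)
        memset(p, 0, size);
    return p;
}

int main(void)
{
    uint32_t count = 0x10000001u;   /* constructed sample value */
    uint32_t size = 0;

    printf("unchecked: %u entries -> %u bytes\n",
           (unsigned)count, (unsigned)unchecked_size(count));
    printf("checked:   %s\n",
           checked_size(count, &size) == 0 ? "accepted" : "rejected");
    return 0;
}
```

A caller that trusted the unchecked size would allocate a buffer far smaller than the number of entries it then writes; the checked path rejects the request before any allocation happens.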
For the stable distribution (woody) these problems have been fixed in version 2.2.3a-14.2.
For the unstable distribution (sid) these problems have been fixed in version 3.0.10-1.
We recommend that you upgrade your samba packages.
Upgrade Instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.
If you are using the apt-get package manager, use the line for sources.list as given below:
apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages
You may use an automated update by adding the resources from the footer to the proper configuration.
Debian GNU/Linux 3.0 alias woody
--------------------------------