Login
Newsletter
Werbung

Sicherheit: Mehrere Probleme in samba
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in samba
ID: MDVSA-2009:320
Distribution: Mandriva
Plattformen: Mandriva 2008.0
Datum: So, 6. Dezember 2009, 20:21
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1888
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2813
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2906
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2948
http://www.samba.org/samba/security/CVE-2009-2813.html
http://www.samba.org/samba/security/CVE-2009-2906.html
http://www.samba.org/samba/security/CVE-2009-2948.html
Applikationen: Samba

Originalnachricht

This is a multi-part message in MIME format...

------------=_1260127295-24326-1729


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2009:320
http://www.mandriva.com/security/
_______________________________________________________________________

Package : samba
Date : December 6, 2009
Affected: 2008.0
_______________________________________________________________________

Problem Description:

Multiple vulnerabilities has been found and corrected in samba:

The acl_group_override function in smbd/posix_acls.c in smbd in Samba
3.0.x before 3.0.35, 3.1.x and 3.2.x before 3.2.13, and 3.3.x before
3.3.6, when dos filemode is enabled, allows remote attackers to modify
access control lists for files via vectors related to read access to
uninitialized memory (CVE-2009-1888).

The SMB (aka Samba) subsystem in Apple Mac OS X 10.5.8, when Windows
File Sharing is enabled, does not properly handle errors in resolving
pathnames, which allows remote authenticated users to bypass intended
sharing restrictions, and read, create, or modify files, in certain
circumstances involving user accounts that lack home directories
(CVE-2009-2813).

smbd in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8,
and 3.4 before 3.4.2 allows remote authenticated users to cause a
denial of service (infinite loop) via an unanticipated oplock break
notification reply packet (CVE-2009-2906).

mount.cifs in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before
3.3.8 and 3.4 before 3.4.2, when mount.cifs is installed suid root,
does not properly enforce permissions, which allows local users to
read part of the credentials file and obtain the password by specifying
the path to the credentials file and using the --verbose or -v option
(CVE-2009-2948).

The version of samba shipping with Mandriva Linux 2008.0 has been
updated to the latest version (3.0.37) that includes the fixes for
these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1888
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2813
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2906
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2948
http://www.samba.org/samba/security/CVE-2009-2813.html
http://www.samba.org/samba/security/CVE-2009-2906.html
http://www.samba.org/samba/security/CVE-2009-2948.html
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2008.0:
dd63a83b66113c6868679d69c6465bc3
2008.0/i586/libsmbclient0-3.0.37-0.1mdv2008.0.i586.rpm
93bfb74360ddc2dd279d4e2101f84fbc
2008.0/i586/libsmbclient0-devel-3.0.37-0.1mdv2008.0.i586.rpm
321d998b7db0645174182d55ef20fcf7
2008.0/i586/libsmbclient0-static-devel-3.0.37-0.1mdv2008.0.i586.rpm
be767601a25c3d2f7e3774a5389d4592
2008.0/i586/mount-cifs-3.0.37-0.1mdv2008.0.i586.rpm
b907c06e94f80e049dcd70004f594c02
2008.0/i586/nss_wins-3.0.37-0.1mdv2008.0.i586.rpm
917d9b433270264e4cf3b34f34d2321c
2008.0/i586/samba-client-3.0.37-0.1mdv2008.0.i586.rpm
5708af3868e7285d8236438a86300f6b
2008.0/i586/samba-common-3.0.37-0.1mdv2008.0.i586.rpm
ad4879729e556f3301081783bcaac490
2008.0/i586/samba-doc-3.0.37-0.1mdv2008.0.i586.rpm
4e015a64b77bce05dfa3d867f050d012
2008.0/i586/samba-server-3.0.37-0.1mdv2008.0.i586.rpm
d64cca7a719a74ec788a23fd312e3a99
2008.0/i586/samba-swat-3.0.37-0.1mdv2008.0.i586.rpm
4e24335e02b04cc4c5bdd6ded27fdbe4
2008.0/i586/samba-vscan-icap-3.0.37-0.1mdv2008.0.i586.rpm
c2db429ba1a00044a5e982737d1a182e
2008.0/i586/samba-winbind-3.0.37-0.1mdv2008.0.i586.rpm
3c440be2ff2004d3e3e79c30fd744991
2008.0/SRPMS/samba-3.0.37-0.1mdv2008.0.src.rpm

Mandriva Linux 2008.0/X86_64:
11fd683e8881b23604d2087550abf530
2008.0/x86_64/lib64smbclient0-3.0.37-0.1mdv2008.0.x86_64.rpm
64ecceaa599d680b8373efa8ad2a9d8d
2008.0/x86_64/lib64smbclient0-devel-3.0.37-0.1mdv2008.0.x86_64.rpm
57d8e14a11103a828c3159173680ff9c
2008.0/x86_64/lib64smbclient0-static-devel-3.0.37-0.1mdv2008.0.x86_64.rpm
0417912110787278d827193a39ba9e2e
2008.0/x86_64/mount-cifs-3.0.37-0.1mdv2008.0.x86_64.rpm
142d13cb94cb2daba8d7db19b73bd5f8
2008.0/x86_64/nss_wins-3.0.37-0.1mdv2008.0.x86_64.rpm
18e53c0c6376e59454d82e24df113e6b
2008.0/x86_64/samba-client-3.0.37-0.1mdv2008.0.x86_64.rpm
4bc6e0d1b91696270ef591f700a96d10
2008.0/x86_64/samba-common-3.0.37-0.1mdv2008.0.x86_64.rpm
7394ea34d00d1cc231d9755c553bb8c0
2008.0/x86_64/samba-doc-3.0.37-0.1mdv2008.0.x86_64.rpm
d406df053249c2970cd180e4a1501d2d
2008.0/x86_64/samba-server-3.0.37-0.1mdv2008.0.x86_64.rpm
34a7b8af585211e478e32182d7290f2b
2008.0/x86_64/samba-swat-3.0.37-0.1mdv2008.0.x86_64.rpm
31fda5329b280c33c5ea5257af8ffb9e
2008.0/x86_64/samba-vscan-icap-3.0.37-0.1mdv2008.0.x86_64.rpm
15e1b26b58908f28cf82d98f5f074304
2008.0/x86_64/samba-winbind-3.0.37-0.1mdv2008.0.x86_64.rpm
3c440be2ff2004d3e3e79c30fd744991
2008.0/SRPMS/samba-3.0.37-0.1mdv2008.0.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFLG9hWmqjQ0CJFipgRAkzjAJ9l9txmIdbMpLFLEDOsZAcRVotVYgCg4eWs
eY4frRg9jJHVk9bBK6TtUoI=
=AOrt
-----END PGP SIGNATURE-----


------------=_1260127295-24326-1729
Content-Type: text/plain; name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva?
Go to http://www.mandrivastore.com
Join the Club : http://www.mandrivaclub.com
_______________________________________________________

------------=_1260127295-24326-1729--
Pro-Linux
Traut euch!
Neue Nachrichten
Werbung