Security: Two problems in Samba
Name: Two problems in Samba
ID: MDVSA-2010:090-1
Distribution: Mandriva
Platforms: Mandriva 2010.0
Date: Tue, 11 May 2010, 08:23
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0547
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0787
Applications: Samba

Original message

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2010:090-1
http://www.mandriva.com/security/
_______________________________________________________________________

Package : samba
Date : May 4, 2010
Affected: 2010.0
_______________________________________________________________________

Problem Description:

Multiple vulnerabilities have been found and corrected in samba:

client/mount.cifs.c in mount.cifs in smbfs in Samba does not verify
that the (1) device name and (2) mountpoint strings are composed of
valid characters, which allows local users to cause a denial of service
(mtab corruption) via a crafted string (CVE-2010-0547).

client/mount.cifs.c in mount.cifs in smbfs in Samba allows local users
to mount a CIFS share on an arbitrary mountpoint, and gain privileges,
via a symlink attack on the mountpoint directory file (CVE-2010-0787).

The updated packages have been patched to correct these issues.

Update:

It was discovered that the previous Samba update required libtalloc
from the Samba4 package. Therefore, this update provides the required
packages in order to fix the issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0547
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0787
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2010.0:

Mandriva Linux 2010.0/X86_64:
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFL6GaVmqjQ0CJFipgRAgu/AJ9DwgmRWvj9bFMo7czaPlU1wYMNfACeOEnj
ek+VaAKzVg6yApDnBuDEhXQ=
=rD13
-----END PGP SIGNATURE-----
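
Added example, not part of the Mandriva advisory or of the Samba source: a simplified C model of the first issue above (CVE-2010-0547), showing how an unvalidated mountpoint string containing a newline turns one mount into two mtab records, and how a character check on the fields refuses it. The record layout, the function names and the sample strings are assumptions constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>

/* Simplified model of one mtab record (an assumption for this example):
 * "device mountpoint type options freq passno\n", one record per line. */

/* Return 1 if s can be stored as one mtab field: non-empty, no whitespace or
 * control characters. Real tools escape blanks as \040; this sketch rejects them. */
int mtab_field_ok(const char *s)
{
    if (s == NULL || *s == '\0')
        return 0;
    for (; *s != '\0'; s++)
        if (isspace((unsigned char)*s) || iscntrl((unsigned char)*s))
            return 0;
    return 1;
}

/* Format one record into out. With validate != 0 the record is refused (-1)
 * when a field fails mtab_field_ok(); with validate == 0 the strings are
 * written as given, which is the unchecked behaviour the advisory describes. */
int format_mtab_record(char *out, size_t n, const char *dev, const char *dir, int validate)
{
    if (validate && (!mtab_field_ok(dev) || !mtab_field_ok(dir)))
        return -1;
    int len = snprintf(out, n, "%s %s cifs rw 0 0\n", dev, dir);
    return (len < 0 || (size_t)len >= n) ? -1 : 0;
}

/* Count records the way a line-oriented mtab reader would see them. */
int count_records(const char *buf)
{
    int records = 0;
    for (; *buf != '\0'; buf++)
        if (*buf == '\n')
            records++;
    return records;
}

int main(void)
{
    char buf[256];
    const char *dev = "//server/share";        /* constructed sample */
    const char *bad_dir = "/mnt/share\nextra"; /* constructed: embedded newline */
    format_mtab_record(buf, sizeof buf, dev, bad_dir, 0);
    printf("unchecked: %d records from one mount\n", count_records(buf));
    printf("checked:   rc=%d\n", format_mtab_record(buf, sizeof buf, dev, bad_dir, 1));
    return 0;
}
```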