drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Pufferüberlauf in samba
Name: |
Pufferüberlauf in samba
|
|
ID: |
200303-11 |
|
Distribution: |
Gentoo |
|
Plattformen: |
Keine Angabe |
|
Datum: |
Di, 18. März 2003, 12:00 |
|
Referenzen: |
Keine Angabe |
|
Applikationen: |
Samba |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
--------------------------------------------------------------------- GENTOO LINUX SECURITY ANNOUNCEMENT 200303-11 ---------------------------------------------------------------------
PACKAGE : samba SUMMARY : buffer overrun DATE : 2003-03-17 09:22 UTC EXPLOIT : remote VERSIONS AFFECTED : <2.2.8 FIXED VERSION : >=2.2.8 CVE : CAN-2003-0085 CAN-2003-0086
---------------------------------------------------------------------
- From advisory:
"The SuSE security audit team, in particular Sebastian Krahmer <krahmer at suse.de>, has found a flaw in the Samba main smbd code which could allow an external attacker to remotely and anonymously gain Super User (root) privileges on a server running a Samba server."
"A buffer overrun condition exists in the SMB/CIFS packet fragment re-assembly code in smbd which would allow an attacker to cause smbd to overwrite arbitrary areas of memory in its own process address space. This could allow a skilled attacker to inject binary specific exploit code into smbd."
Read the full advisory at: http://lists.samba.org/pipermail/samba-announce/2003-March/000063.html
SOLUTION
It is recommended that all Gentoo Linux users who are running net-fs/samba upgrade to samba-2.2.8 as follows:
emerge sync emerge samba emerge clean
--------------------------------------------------------------------- aliz@gentoo.org - GnuPG key is available at http://cvs.gentoo.org/~aliz --------------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQE+dZPAfT7nyhUpoZMRAqJaAJ90Tc8Bkgq+QRwjzTIdAedcgGZb8wCggBWq Gok26HB4womHvtn/3PrBsXY= =7cIA -----END PGP SIGNATURE-----
|
|
|
|