Login
Newsletter
Werbung

Sicherheit: Pufferüberläufe in samba
Aktuelle Meldungen Distributionen
Name: Pufferüberläufe in samba
ID: MDKSA-2004:071
Distribution: Mandrake
Plattformen: Mandrake Multi Network Firewall 8.2, Mandrake Corporate Server 2.1, Mandrake 9.1, Mandrake 9.2, Mandrake 10.0
Datum: Fr, 23. Juli 2004, 13:00
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0600
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0686
Applikationen: Samba

Originalnachricht

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandrakelinux Security Update Advisory
_______________________________________________________________________

Package name: samba
Advisory ID: MDKSA-2004:071
Date: July 22nd, 2004

Affected versions: 10.0, 9.1, 9.2, Corporate Server 2.1,
Multi Network Firewall 8.2
______________________________________________________________________

Problem Description:

A vulnerability was discovered in SWAT, the Samba Web Administration
Tool. The routine used to decode the base64 data during HTTP basic
authentication is subject to a buffer overrun caused by an invalid
base64 character. This same code is also used to internally decode
the sambaMungedDial attribute value when using the ldapsam passdb
backend, and to decode input given to the ntlm_auth tool.

This vulnerability only exists in Samba versions 3.0.2 or later;
the 3.0.5 release fixes the vulnerability. Systems using SWAT, the
ldapsam passdb backend, and tose running winbindd and allowing third-
party applications to issue authentication requests via ntlm_auth
tool should upgrade immediately. (CAN-2004-0600)

A buffer overrun has been located in the code used to support
the 'mangling method = hash' smb.conf option. Please be aware
that the default setting for this parameter is 'mangling method
= hash2' and therefore not vulnerable. This bug is present in
Samba 3.0.0 and later, as well as Samba 2.2.X (CAN-2004-0686)

This update also fixes a bug where attempting to print in some cases
would cause smbd to exit with a signal 11.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0600
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0686
______________________________________________________________________

Updated Packages:

Mandrakelinux 10.0:
3dc64ca8fe0f7b0aa51a2c84dc514592
10.0/RPMS/libsmbclient0-3.0.2a-3.2.100mdk.i586.rpm
779356b9c230eb85ce37f315232cdc95
10.0/RPMS/libsmbclient0-devel-3.0.2a-3.2.100mdk.i586.rpm
bb4d71ecdefacd3dddddc3688a5eaad5
10.0/RPMS/libsmbclient0-static-devel-3.0.2a-3.2.100mdk.i586.rpm
74df83eb93096ffb23165dbbd28d2011
10.0/RPMS/nss_wins-3.0.2a-3.2.100mdk.i586.rpm
02c7352e5e845c2a3e38d7e321bcbd4b
10.0/RPMS/samba-client-3.0.2a-3.2.100mdk.i586.rpm
28e209b5899bd01b8d39f4dec3677424
10.0/RPMS/samba-common-3.0.2a-3.2.100mdk.i586.rpm
6c5bcd82b4544fe8ddb1e0d70bacfcec
10.0/RPMS/samba-doc-3.0.2a-3.2.100mdk.i586.rpm
43bf0b8c550df90bbe7aee619c5f27b6
10.0/RPMS/samba-passdb-mysql-3.0.2a-3.2.100mdk.i586.rpm
b34d77cf576bc3c6a39e50ccb04fc1ee
10.0/RPMS/samba-passdb-xml-3.0.2a-3.2.100mdk.i586.rpm
1a60acc6cc523537987c789daaa17b99
10.0/RPMS/samba-server-3.0.2a-3.2.100mdk.i586.rpm
d5f09f07939dadda6d39ce619d918dce
10.0/RPMS/samba-swat-3.0.2a-3.2.100mdk.i586.rpm
3f4abab7d5fe16d8db612b07c1c1165d
10.0/RPMS/samba-winbind-3.0.2a-3.2.100mdk.i586.rpm
954256f8fb2dcbff886b1d6a4535bc03 10.0/SRPMS/samba-3.0.2a-3.2.100mdk.src.rpm

Mandrakelinux 10.0/AMD64:
cb4d44e5e85e240a61d601d94b423e82
amd64/10.0/RPMS/nss_wins-3.0.2a-3.2.100mdk.amd64.rpm
99906563140b9dee6e919ab4ca0e61fe
amd64/10.0/RPMS/samba-client-3.0.2a-3.2.100mdk.amd64.rpm
cf0c4f39aa078547923032562c170884
amd64/10.0/RPMS/samba-common-3.0.2a-3.2.100mdk.amd64.rpm
a3a2cfd0fe222cf59408720a97eae315
amd64/10.0/RPMS/samba-doc-3.0.2a-3.2.100mdk.amd64.rpm
3adb7cbc3f031e1985fc356fd6cd28d6
amd64/10.0/RPMS/samba-passdb-mysql-3.0.2a-3.2.100mdk.amd64.rpm
d3626d21a8dfd121e6126f2c20c68b12
amd64/10.0/RPMS/samba-passdb-xml-3.0.2a-3.2.100mdk.amd64.rpm
7bce8bf6a2ce61b6d067d29e50cb5959
amd64/10.0/RPMS/samba-server-3.0.2a-3.2.100mdk.amd64.rpm
820dbe19028f73bebf2c1615aa41506c
amd64/10.0/RPMS/samba-swat-3.0.2a-3.2.100mdk.amd64.rpm
527d993e2e001ab8585d01f6abd5fed1
amd64/10.0/RPMS/samba-winbind-3.0.2a-3.2.100mdk.amd64.rpm
954256f8fb2dcbff886b1d6a4535bc03
amd64/10.0/SRPMS/samba-3.0.2a-3.2.100mdk.src.rpm

Corporate Server 2.1:
2e17c334f02b4247f1bf2f6e4b5837e3
corporate/2.1/RPMS/nss_wins-2.2.7a-10.2.C21mdk.i586.rpm
a3c3a6dce249f920c2ebef2e42d22efb
corporate/2.1/RPMS/samba-client-2.2.7a-10.2.C21mdk.i586.rpm
7e66a36c672abc713c3b78afa62cec4f
corporate/2.1/RPMS/samba-common-2.2.7a-10.2.C21mdk.i586.rpm
bf9cb0590bb03749f67b969a8ce47d5b
corporate/2.1/RPMS/samba-doc-2.2.7a-10.2.C21mdk.i586.rpm
ba68c6016296c95ba5e60b0caada3d7b
corporate/2.1/RPMS/samba-server-2.2.7a-10.2.C21mdk.i586.rpm
33d9a4c1ad830727fcc8c0c74c15b133
corporate/2.1/RPMS/samba-swat-2.2.7a-10.2.C21mdk.i586.rpm
045eb0d5f4564a344dd1ec52affba34e
corporate/2.1/RPMS/samba-winbind-2.2.7a-10.2.C21mdk.i586.rpm
f24a2423c032564d94bc4fb7166aab93
corporate/2.1/SRPMS/samba-2.2.7a-10.2.C21mdk.src.rpm

Corporate Server 2.1/x86_64:
64cf3d1928c082f359ee77114a013c09
x86_64/corporate/2.1/RPMS/nss_wins-2.2.7a-10.2.C21mdk.x86_64.rpm
cc53b273802b83a7bde754964f6c1a6a
x86_64/corporate/2.1/RPMS/samba-client-2.2.7a-10.2.C21mdk.x86_64.rpm
5cb1a2021b4b122c1a43372afce7f4a7
x86_64/corporate/2.1/RPMS/samba-common-2.2.7a-10.2.C21mdk.x86_64.rpm
664628aa6e499379662cd6dda3eb3194
x86_64/corporate/2.1/RPMS/samba-doc-2.2.7a-10.2.C21mdk.x86_64.rpm
55a1275bee7a01f3a01629bfafade340
x86_64/corporate/2.1/RPMS/samba-server-2.2.7a-10.2.C21mdk.x86_64.rpm
be77b207466e796e3f0625b3e6b2137f
x86_64/corporate/2.1/RPMS/samba-swat-2.2.7a-10.2.C21mdk.x86_64.rpm
fe9fad601a5c9086d49ec7c7ff5178db
x86_64/corporate/2.1/RPMS/samba-winbind-2.2.7a-10.2.C21mdk.x86_64.rpm
f24a2423c032564d94bc4fb7166aab93
x86_64/corporate/2.1/SRPMS/samba-2.2.7a-10.2.C21mdk.src.rpm

Mandrakelinux 9.1:
379a81194ac29a44ed5413f504b3f9c6 9.1/RPMS/nss_wins-2.2.7a-9.4.91mdk.i586.rpm
0d8bbc2ff31eb4759171066f87d586ec
9.1/RPMS/samba-client-2.2.7a-9.4.91mdk.i586.rpm
b2699829ae743ca3a3d8c7af7f2287d0
9.1/RPMS/samba-common-2.2.7a-9.4.91mdk.i586.rpm
edcb7e669f0b7fc25a23909add4eeb84 9.1/RPMS/samba-doc-2.2.7a-9.4.91mdk.i586.rpm
dff7e002231035a7bb9c1d6cea97e9b5
9.1/RPMS/samba-server-2.2.7a-9.4.91mdk.i586.rpm
31ac013951ba5e625184a13532208666
9.1/RPMS/samba-swat-2.2.7a-9.4.91mdk.i586.rpm
2ba7a3214babff3bd3294ffd72d023a1
9.1/RPMS/samba-winbind-2.2.7a-9.4.91mdk.i586.rpm
127103f4f0b34572507ef4c94bb7356e 9.1/SRPMS/samba-2.2.7a-9.4.91mdk.src.rpm

Mandrakelinux 9.1/PPC:
d7d1301be1efededc96cb6b1793a8fab
ppc/9.1/RPMS/nss_wins-2.2.7a-9.4.91mdk.ppc.rpm
95b7a0ac457b26b72349242b626dc04f
ppc/9.1/RPMS/samba-client-2.2.7a-9.4.91mdk.ppc.rpm
2261c5a2b3260ad8352feba778f5e826
ppc/9.1/RPMS/samba-common-2.2.7a-9.4.91mdk.ppc.rpm
3e7b43389cb32844862513726aee3ae2
ppc/9.1/RPMS/samba-doc-2.2.7a-9.4.91mdk.ppc.rpm
326b16a7121fdbe3d16aa33862de8d45
ppc/9.1/RPMS/samba-server-2.2.7a-9.4.91mdk.ppc.rpm
4bdb189ad68d5b9eeab6da7b581295ce
ppc/9.1/RPMS/samba-swat-2.2.7a-9.4.91mdk.ppc.rpm
1abeacc0d08792e4e38a9ed22c9a0ebe
ppc/9.1/RPMS/samba-winbind-2.2.7a-9.4.91mdk.ppc.rpm
127103f4f0b34572507ef4c94bb7356e ppc/9.1/SRPMS/samba-2.2.7a-9.4.91mdk.src.rpm

Mandrakelinux 9.2:
9bb1f0e25ed2389657501283bf52c054
9.2/RPMS/libsmbclient0-2.2.8a-13.2.92mdk.i586.rpm
eec1734ea897176812921f443fe69d61
9.2/RPMS/libsmbclient0-devel-2.2.8a-13.2.92mdk.i586.rpm
1d179c626717703f6a49a9fd20894dcb
9.2/RPMS/libsmbclient0-static-devel-2.2.8a-13.2.92mdk.i586.rpm
e12cfed3fe15749d43857b8aafe31b02 9.2/RPMS/nss_wins-2.2.8a-13.2.92mdk.i586.rpm
f0cd976a453e8b23f0ef9c2c135fc5d7
9.2/RPMS/samba-client-2.2.8a-13.2.92mdk.i586.rpm
8475ca3829dc64ceea8f01abdcade21c
9.2/RPMS/samba-common-2.2.8a-13.2.92mdk.i586.rpm
9fc072548adc6bdd4d30dc9712a78c20
9.2/RPMS/samba-debug-2.2.8a-13.2.92mdk.i586.rpm
cd67210e062a76a83249bf8b55741d1e
9.2/RPMS/samba-doc-2.2.8a-13.2.92mdk.i586.rpm
8f0abb6bc0a82843c5b448c86bb91165
9.2/RPMS/samba-server-2.2.8a-13.2.92mdk.i586.rpm
61c3cfb487802d83d3590f2a1e9d3e23
9.2/RPMS/samba-swat-2.2.8a-13.2.92mdk.i586.rpm
f2f768247a5739b1bff40f2ec691b987
9.2/RPMS/samba-winbind-2.2.8a-13.2.92mdk.i586.rpm
783d6e588fdc85cfb3ba985b2d6abc9e 9.2/SRPMS/samba-2.2.8a-13.2.92mdk.src.rpm

Mandrakelinux 9.2/AMD64:
2352a24ec2b246314b184825cbe63852
amd64/9.2/RPMS/nss_wins-2.2.8a-13.2.92mdk.amd64.rpm
9d06697503f19e780963c5084d826f26
amd64/9.2/RPMS/samba-client-2.2.8a-13.2.92mdk.amd64.rpm
0c3b8f01c1aa411a72cffa24e0e3a321
amd64/9.2/RPMS/samba-common-2.2.8a-13.2.92mdk.amd64.rpm
056c03f2f44fca64ace44c791f8033d9
amd64/9.2/RPMS/samba-debug-2.2.8a-13.2.92mdk.amd64.rpm
e241a63aa9b72f636fd40227bdb6ed84
amd64/9.2/RPMS/samba-doc-2.2.8a-13.2.92mdk.amd64.rpm
5c5cf771ce52300c3908a751ab2a0851
amd64/9.2/RPMS/samba-server-2.2.8a-13.2.92mdk.amd64.rpm
fdc494fde0bf4a1562c9b78e2305792d
amd64/9.2/RPMS/samba-swat-2.2.8a-13.2.92mdk.amd64.rpm
64abc0d71c0971febc1202bd47b57496
amd64/9.2/RPMS/samba-winbind-2.2.8a-13.2.92mdk.amd64.rpm
783d6e588fdc85cfb3ba985b2d6abc9e
amd64/9.2/SRPMS/samba-2.2.8a-13.2.92mdk.src.rpm

Multi Network Firewall 8.2:
30aff3d72c2c21f9a4adf930be4a4741
mnf8.2/RPMS/samba-client-2.2.7a-9.4.M82mdk.i586.rpm
2ef26ca649d580ef375a7f0f8680b764
mnf8.2/RPMS/samba-common-2.2.7a-9.4.M82mdk.i586.rpm
b7ea85f4455756d7e7d1c9afe19977b5 mnf8.2/SRPMS/samba-2.2.7a-9.4.M82mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandrakesoft for security. You can obtain
the GPG public key of the Mandrakelinux Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandrakelinux at:

http://www.mandrakesoft.com/security/advisories

If you want to report vulnerabilities, please contact

security_linux-mandrake.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
<security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFBATLYmqjQ0CJFipgRArRjAJ9wjGDS/tUKvsdvGn7Z9ShYwNruYACgj8Lq
RdvgqbZfP/4NNq8m/fa1S7M=
=c2K/
-----END PGP SIGNATURE-----


____________________________________________________
Want to buy your Pack or Services from MandrakeSoft?
Go to http://www.mandrakestore.com
Join the Club : http://www.mandrakeclub.com
____________________________________________________
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung