Date: 22 Jul 2004 22:40:09 -0000
From: Mandrake Linux Security Team <[email protected]>
To: [email protected]
Subject: MDKSA-2004:071 - Updated samba packages fix vulnerability in SWAT, samba-server.
_______________________________________________________________________
Mandrakelinux Security Update Advisory
_______________________________________________________________________
Package name: samba
Advisory ID: MDKSA-2004:071
Date: July 22nd, 2004
Affected versions: 10.0, 9.1, 9.2, Corporate Server 2.1,
Multi Network Firewall 8.2
______________________________________________________________________
Problem Description:
A vulnerability was discovered in SWAT, the Samba Web Administration
Tool. The routine used to decode the base64 data during HTTP basic
authentication is subject to a buffer overrun caused by an invalid
base64 character. This same code is also used to internally decode
the sambaMungedDial attribute value when using the ldapsam passdb
backend, and to decode input given to the ntlm_auth tool.
This vulnerability only exists in Samba versions 3.0.2 or later;
the 3.0.5 release fixes the vulnerability. Systems using SWAT, the
ldapsam passdb backend, and those running winbindd and allowing
third-party applications to issue authentication requests via the
ntlm_auth tool should upgrade immediately. (CAN-2004-0600)
A buffer overrun has been located in the code used to support
the 'mangling method = hash' smb.conf option. Please be aware
that the default setting for this parameter is 'mangling method
= hash2' and therefore not vulnerable. This bug is present in
Samba 3.0.0 and later, as well as Samba 2.2.X. (CAN-2004-0686)
This update also fixes a bug where attempting to print in some cases
would cause smbd to exit with a signal 11.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0600
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0686
______________________________________________________________________
Updated Packages:
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandrakesoft for security. You can obtain
the GPG public key of the Mandrakelinux Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandrakelinux at:
http://www.mandrakesoft.com/security/advisories
If you want to report vulnerabilities, please contact
security_linux-mandrake.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team <security linux-mandrake.com>