Date: 1 Oct 2004 22:06:56 -0000
From: Mandrake Linux Security Team <[email protected]>
To: [email protected]
Subject: MDKSA-2004:104 - Updated samba packages fix vulnerability
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandrakelinux Security Update Advisory
_______________________________________________________________________
Package name: samba
Advisory ID: MDKSA-2004:104
Date: October 1st, 2004
Affected versions: 9.2, Corporate Server 2.1
______________________________________________________________________
Problem Description:
Karol Wiesek discovered a bug in the input validation routines used to
convert DOS path names to path names on the Samba host's file system.
This bug can be exploited to gain access to files outside of the
share's path as defined in the smb.conf configuration file. This
vulnerability exists in all samba 2.2.x versions up to and including
2.2.11 and also in samba 3.0.x up to and including 3.0.5.
The updated packages have been patched to correct this issue.
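The class of check described above, as an added example that is not part of the advisory and is not Samba's code: a hypothetical helper, dos_to_share_path(), converts a client-supplied DOS path to a share-relative path and rejects any request that would resolve above the share root. The function name and the sample paths are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not Samba's routine: turn a client-supplied DOS path
 * into a '/'-separated path relative to the share root, resolving "." and
 * ".." lexically. Returns 0 on success, -1 if the path would climb above
 * the share root or does not fit in out. */
int dos_to_share_path(const char *dos, char *out, size_t outlen)
{
    size_t len = 0;                       /* bytes currently in out */
    const char *p = dos;

    if (outlen == 0) return -1;
    out[0] = '\0';
    while (*p) {
        size_t n = strcspn(p, "\\/");     /* length of the next component */
        if (n == 0 || (n == 1 && p[0] == '.')) {
            /* empty component or ".": nothing to add */
        } else if (n == 2 && p[0] == '.' && p[1] == '.') {
            if (len == 0) return -1;      /* ".." at the root leaves the share */
            while (len > 0 && out[len - 1] != '/') len--;   /* drop last name */
            if (len > 0) len--;           /* and the separator before it */
            out[len] = '\0';
        } else {
            if (len + n + (len ? 1 : 0) + 1 > outlen) return -1;
            if (len) out[len++] = '/';
            memcpy(out + len, p, n);
            len += n;
            out[len] = '\0';
        }
        p += n;
        if (*p) p++;                      /* step over the separator */
    }
    return 0;
}

int main(void)
{
    /* Constructed sample requests, not taken from the advisory. */
    const char *samples[] = { "docs\\.\\reports\\..\\q3.txt",
                              "docs\\..\\..\\etc\\passwd" };
    char buf[256];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int rc = dos_to_share_path(samples[i], buf, sizeof buf);
        printf("%-30s -> %s\n", samples[i], rc == 0 ? buf : "REJECTED");
    }
    return 0;
}
```

The check is purely lexical; a file server also has to resolve symbolic links (for example with realpath()) and confirm the result still lies under the share's path.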
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0815
______________________________________________________________________
Updated Packages:
Corporate Server 2.1:
c2e81998de4c1613beebd82caab08c85 corporate/2.1/RPMS/nss_wins-2.2.7a-10.3.C21mdk.i586.rpm
5ba314544f64d34f8fb655290be13e5f corporate/2.1/RPMS/samba-client-2.2.7a-10.3.C21mdk.i586.rpm
40d9640f87efefaf8055f07c420d775a corporate/2.1/RPMS/samba-common-2.2.7a-10.3.C21mdk.i586.rpm
52b9a76e0c46403a8d6f9ee950755e17 corporate/2.1/RPMS/samba-doc-2.2.7a-10.3.C21mdk.i586.rpm
cc75f89aa1838b49706480194d97557d corporate/2.1/RPMS/samba-server-2.2.7a-10.3.C21mdk.i586.rpm
a323403badf1ef89fdc096ecee185adf corporate/2.1/RPMS/samba-swat-2.2.7a-10.3.C21mdk.i586.rpm
9ac199d2afe27f90a3b8e2c8db579eaf corporate/2.1/RPMS/samba-winbind-2.2.7a-10.3.C21mdk.i586.rpm
274439208095c79431d625fd4770b873 corporate/2.1/SRPMS/samba-2.2.7a-10.3.C21mdk.src.rpm
Corporate Server 2.1/x86_64:
298a9ab15d25ab143071669eb57b8e8e x86_64/corporate/2.1/RPMS/nss_wins-2.2.7a-10.3.C21mdk.x86_64.rpm
1a912c22194d4a27915e3ef17bca782f x86_64/corporate/2.1/RPMS/samba-client-2.2.7a-10.3.C21mdk.x86_64.rpm
e4c30b68704c4267b9d96edb2c62fbd9 x86_64/corporate/2.1/RPMS/samba-common-2.2.7a-10.3.C21mdk.x86_64.rpm
5324b0ea0fead78d072053ebea1953ef x86_64/corporate/2.1/RPMS/samba-doc-2.2.7a-10.3.C21mdk.x86_64.rpm
4352e555abbadee56277caa5b13ccaf3 x86_64/corporate/2.1/RPMS/samba-server-2.2.7a-10.3.C21mdk.x86_64.rpm
10ff20c71b1f0a6f02678b498a12e2ab x86_64/corporate/2.1/RPMS/samba-swat-2.2.7a-10.3.C21mdk.x86_64.rpm
7c8bb6655fa760bf938aa257aec0e95d x86_64/corporate/2.1/RPMS/samba-winbind-2.2.7a-10.3.C21mdk.x86_64.rpm
274439208095c79431d625fd4770b873 x86_64/corporate/2.1/SRPMS/samba-2.2.7a-10.3.C21mdk.src.rpm
Mandrakelinux 9.2:
0d048a0c1b432ed76517abc3220cd454 9.2/RPMS/libsmbclient0-2.2.8a-13.3.92mdk.i586.rpm
4c7bbb265365e047784f09dcfff3fe7f 9.2/RPMS/libsmbclient0-devel-2.2.8a-13.3.92mdk.i586.rpm
21d90aa58c19709a8978bb8084647121 9.2/RPMS/libsmbclient0-static-devel-2.2.8a-13.3.92mdk.i586.rpm
ea75da243b2f6a380cfdc774b9dff534 9.2/RPMS/nss_wins-2.2.8a-13.3.92mdk.i586.rpm
d70ff8e722fabd62d94b139eab65f8c9 9.2/RPMS/samba-client-2.2.8a-13.3.92mdk.i586.rpm
47684bc4eda4b716da37c70592103817 9.2/RPMS/samba-common-2.2.8a-13.3.92mdk.i586.rpm
11a74418ef5a1a037aadac3c635427e9 9.2/RPMS/samba-debug-2.2.8a-13.3.92mdk.i586.rpm
5025e9c06a973b0387d5a841e2ab1329 9.2/RPMS/samba-doc-2.2.8a-13.3.92mdk.i586.rpm
55759de483bcb5ee3267c5ee58e57ee5 9.2/RPMS/samba-server-2.2.8a-13.3.92mdk.i586.rpm
ef2ad8330303b36681dddc8b1084e086 9.2/RPMS/samba-swat-2.2.8a-13.3.92mdk.i586.rpm
4f5b7e9b6d2c6d9a4e36082010dd4842 9.2/RPMS/samba-winbind-2.2.8a-13.3.92mdk.i586.rpm
ac2a2c9b8cc3a00492ad9130ac44acfe 9.2/SRPMS/samba-2.2.8a-13.3.92mdk.src.rpm
Mandrakelinux 9.2/AMD64:
dc262d5a29a0fa0f38f34bc94457b357 amd64/9.2/RPMS/lib64smbclient0-2.2.8a-13.3.92mdk.amd64.rpm
7191f5b24de86da9c7c3764c6c4bdef7 amd64/9.2/RPMS/lib64smbclient0-devel-2.2.8a-13.3.92mdk.amd64.rpm
b899415999930067fc0b68f20c1a0240 amd64/9.2/RPMS/lib64smbclient0-static-devel-2.2.8a-13.3.92mdk.amd64.rpm
3d5d7678586aef4c593c906cd5282f30 amd64/9.2/RPMS/nss_wins-2.2.8a-13.3.92mdk.amd64.rpm
683e530b367a618e72c10f13c152d2f6 amd64/9.2/RPMS/samba-client-2.2.8a-13.3.92mdk.amd64.rpm
56f438efb2b5dd45fab3e0cb051cb138 amd64/9.2/RPMS/samba-common-2.2.8a-13.3.92mdk.amd64.rpm
d5c702e2157b9f2e2f9a0d7bde2d04b6 amd64/9.2/RPMS/samba-debug-2.2.8a-13.3.92mdk.amd64.rpm
c0e2a1badc6458424d707736e747f3db amd64/9.2/RPMS/samba-doc-2.2.8a-13.3.92mdk.amd64.rpm
28162d96ccf468125956af8f0aa00f63 amd64/9.2/RPMS/samba-server-2.2.8a-13.3.92mdk.amd64.rpm
6b0e6353ebd8e72b574de382e1c22a65 amd64/9.2/RPMS/samba-swat-2.2.8a-13.3.92mdk.amd64.rpm
dea3db5f940ebf772a76fed0600c92a4 amd64/9.2/RPMS/samba-winbind-2.2.8a-13.3.92mdk.amd64.rpm
ac2a2c9b8cc3a00492ad9130ac44acfe amd64/9.2/SRPMS/samba-2.2.8a-13.3.92mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandrakesoft for security. You can obtain
the GPG public key of the Mandrakelinux Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandrakelinux at:
http://www.mandrakesoft.com/security/advisories
If you want to report vulnerabilities, please contact
security_linux-mandrake.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
<security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQFBXdUAmqjQ0CJFipgRAvazAJ9Gvgw1c4H0E0/sKzJqgVQs5Y5uhACgmceV
Yczn5J/2dTCMzS20uu3LzBY=
=loIX
-----END PGP SIGNATURE-----