[USN-680-1] Samba vulnerability
Subject: [USN-680-1] Samba vulnerability
From: Marc Deslauriers <marc.deslauriers@canonical.com.>
To: [email protected]
Cc: "[email protected]" <bugtraq@securityfocus.com.>,
[email protected]
X-Original-To: [email protected]
X-Mailcontrol-Inbound:
uq3drnD2P+ps5SfEb0fvr78+NoP1DHBZwGqKpaXB2eTgNv8D6KLIxb8+NoP1DHBZ8VSaBg0k0xw=
X-Spam-Score: -8.2
X-Scanned-By: MailControl A_08_51_00 (www.mailcontrol.com) on 10.74.0.140
Content-Type: multipart/signed; micalg="pgp-sha1"; protocol="application/pgp-signature"; boundary="=-ATOrbRjUE+KJweMWF8u2"
Date: Thu, 27 Nov 2008 09:22:56 -0500
Message-Id: <1227795776.7497.25.camel@mdlinux.technorage.com.>
Mime-Version: 1.0
X-Mailer: Evolution 2.24.1
X-Virus-Scanned: antivirus-gw at tyumen.ru
--=-ATOrbRjUE+KJweMWF8u2
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D
Ubuntu Security Notice USN-680-1 November 27, 2008
samba vulnerability
CVE-2008-4314
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D
A security issue affects the following Ubuntu releases:
Ubuntu 8.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 8.10:
samba 2:3.2.3-1ubuntu3.3
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
It was discovered that Samba did not properly perform bounds checking
in certain operations. A remote attacker could possibly exploit this to
read arbitrary memory contents of the smb process, which could contain
sensitive infomation or possibly have other impacts, such as a denial of
service.
Updated packages for Ubuntu 8.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba_3.2.3-1ubuntu=
3.3.diff.gz
Size/MD5: 228354 f83899fe1c0310461296b328ad6bfd8a
http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba_3.2.3-1ubuntu=
3.3.dsc
Size/MD5: 1902 bddef52582baae072593399147119e19
http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba_3.2.3.orig.ta=
r.gz
Size/MD5: 23704996 c1630a57ac0ec24bc364c6d11c93ec35
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba-doc-pdf_3.2.3=
-1ubuntu3.3_all.deb
Size/MD5: 6261250 3cba32a86b765dfea7077fa0ef8a3672
http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba-doc_3.2.3-1ub=
untu3.3_all.deb
Size/MD5: 7954632 af31dc4ce959b1a05be7944262bb460a
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/s/samba/libpam-smbpass_3.2.=
3-1ubuntu3.3_amd64.deb
Size/MD5: 638612 859812590427a224dec70dc759d818c3
http://security.ubuntu.com/ubuntu/pool/main/s/samba/libsmbclient-dev_3.=
2.3-1ubuntu3.3_amd64.deb
Size/MD5: 1968518 6ab7366368c73cb7f946a28e1d20ad2c
http://security.ubuntu.com/ubuntu/pool/main/s/samba/libsmbclient_3.2.3-=
1ubuntu3.3_amd64.deb
Size/MD5: 1370096 9582a74126b77e3f869f42e5c0379e6f
http://security.ubuntu.com/ubuntu/pool/main/s/samba/libwbclient0_3.2.3-=
1ubuntu3.3_amd64.deb
Size/MD5: 88960 23c38ec3c526226430c1173f5c50ac47
http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba-common_3.2.3-=
1ubuntu3.3_amd64.deb
Size/MD5: 3815516 e3c4879c048360a4daa5abccd509d029
http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba-dbg_3.2.3-1ub=
untu3.3_amd64.deb
Size/MD5: 1993296 0abd10cc0387017d20dfadfa24f190fd
http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba-tools_3.2.3-1=
ubuntu3.3_amd64.deb
Size/MD5: 5802316 417b6dca7b8e975b3acac82e4c58bf14
http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba_3.2.3-1ubuntu=
3.3_amd64.deb
Size/MD5: 4908438 1f5a980c1c5d2f9d88ea3094299f5387
http://security.ubuntu.com/ubuntu/pool/main/s/samba/smbclient_3.2.3-1ub=
untu3.3_amd64.deb
Size/MD5: 7173420 abba71e4d522228c21dc69192ab3cd54
http://security.ubuntu.com/ubuntu/pool/main/s/samba/smbfs_3.2.3-1ubuntu=
3.3_amd64.deb
Size/MD5: 1529316 51431c5d7a5f197af8afcc09517a399d
http://security.ubuntu.com/ubuntu/pool/main/s/samba/swat_3.2.3-1ubuntu3=
.3_amd64.deb
Size/MD5: 1112612 7cd0400093eb599cba999997ed5fae88
http://security.ubuntu.com/ubuntu/pool/main/s/samba/winbind_3.2.3-1ubun=
tu3.3_amd64.deb
Size/MD5: 3349842 f7d99beef190cf414929348909a804df
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/s/samba/libpam-smbpass_3.2.=
3-1ubuntu3.3_i386.deb
Size/MD5: 573952 859f986a3de794cf5ed27dd389ee5af4
http://security.ubuntu.com/ubuntu/pool/main/s/samba/libsmbclient-dev_3.=
2.3-1ubuntu3.3_i386.deb
Size/MD5: 1844424 30c0faf257433a05bfb52b9bea4865e3
http://security.ubuntu.com/ubuntu/pool/main/s/samba/libsmbclient_3.2.3-=
1ubuntu3.3_i386.deb
Size/MD5: 1217612 a5a83d72421dbb1515664ede686c12b0
http://security.ubuntu.com/ubuntu/pool/main/s/samba/libwbclient0_3.2.3-=
1ubuntu3.3_i386.deb
Size/MD5: 87500 fd76021d354c819a59785feccc4d33ea
http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba-common_3.2.3-=
1ubuntu3.3_i386.deb
Size/MD5: 3459318 afe074065bb487232a2225bef9b190e3
http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba-dbg_3.2.3-1ub=
untu3.3_i386.deb
Size/MD5: 2077272 acf1cad8b773d7ad2a72491c8d4422af
http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba-tools_3.2.3-1=
ubuntu3.3_i386.deb
Size/MD5: 5161222 28214840e0f4335658d203c8746a6f94
http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba_3.2.3-1ubuntu=
3.3_i386.deb
Size/MD5: 4368894 1bf3bef3fbe5b302ec646a00d1c06bfe
http://security.ubuntu.com/ubuntu/pool/main/s/samba/smbclient_3.2.3-1ub=
untu3.3_i386.deb
Size/MD5: 6402702 d9e0653f05f4ec133e52560ee6f50946
http://security.ubuntu.com/ubuntu/pool/main/s/samba/smbfs_3.2.3-1ubuntu=
3.3_i386.deb
Size/MD5: 1375852 8a134dc464ab4ffed997918f6b3206be
http://security.ubuntu.com/ubuntu/pool/main/s/samba/swat_3.2.3-1ubuntu3=
.3_i386.deb
Size/MD5: 1006506 02f42b331a7fb36a0642a37cb1fe68b3
http://security.ubuntu.com/ubuntu/pool/main/s/samba/winbind_3.2.3-1ubun=
tu3.3_i386.deb
Size/MD5: 2975264 11b04715205be1568369645b83e33636
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/s/samba/libpam-smbpass_3.2.3-1ubuntu3=
.3_lpia.deb
Size/MD5: 553626 f5c3dce8e75a3b2830c0060286302d16
http://ports.ubuntu.com/pool/main/s/samba/libsmbclient-dev_3.2.3-1ubunt=
u3.3_lpia.deb
Size/MD5: 1769074 0982655253fa1150bc65aee04d3e8dde
http://ports.ubuntu.com/pool/main/s/samba/libsmbclient_3.2.3-1ubuntu3.3=
_lpia.deb
Size/MD5: 1160830 e9a8e86dd90a0002ccb11e4edba9361a
http://ports.ubuntu.com/pool/main/s/samba/libwbclient0_3.2.3-1ubuntu3.3=
_lpia.deb
Size/MD5: 86950 5820ad4178a4bcc540b450dc04a22249
http://ports.ubuntu.com/pool/main/s/samba/samba-common_3.2.3-1ubuntu3.3=
_lpia.deb
Size/MD5: 3328568 b2b7ad364090ad386190585312866a26
http://ports.ubuntu.com/pool/main/s/samba/samba-dbg_3.2.3-1ubuntu3.3_lp=
ia.deb
Size/MD5: 2069634 1b7c75e44b5fc2e493e588973070437d
http://ports.ubuntu.com/pool/main/s/samba/samba-tools_3.2.3-1ubuntu3.3_=
lpia.deb
Size/MD5: 4949830 c8521b495f15ed0bff9adbc14d60048c
http://ports.ubuntu.com/pool/main/s/samba/samba_3.2.3-1ubuntu3.3_lpia.d=
eb
Size/MD5: 4197320 3f8e36ba5e4b1eea985592e29899b363
http://ports.ubuntu.com/pool/main/s/samba/smbclient_3.2.3-1ubuntu3.3_lp=
ia.deb
Size/MD5: 6136768 72a65ce1b83ea7d47577bc6d5e0a2eda
http://ports.ubuntu.com/pool/main/s/samba/smbfs_3.2.3-1ubuntu3.3_lpia.d=
eb
Size/MD5: 1317110 321bdeeb2b86304c127808ea96ec1c5a
http://ports.ubuntu.com/pool/main/s/samba/swat_3.2.3-1ubuntu3.3_lpia.de=
b
Size/MD5: 968290 4727bed25a79e31cad479372e2fc7642
http://ports.ubuntu.com/pool/main/s/samba/winbind_3.2.3-1ubuntu3.3_lpia=
.deb
Size/MD5: 2855842 fc0f25c386587abc402bbf21641c6d59
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/s/samba/libpam-smbpass_3.2.3-1ubuntu3=
.3_powerpc.deb
Size/MD5: 606438 02c15552b12b7628b0b2aaf1489d639c
http://ports.ubuntu.com/pool/main/s/samba/libsmbclient-dev_3.2.3-1ubunt=
u3.3_powerpc.deb
Size/MD5: 1730286 81ec2b2edd4b2bc80b0ef2840cb0a7d8
http://ports.ubuntu.com/pool/main/s/samba/libsmbclient_3.2.3-1ubuntu3.3=
_powerpc.deb
Size/MD5: 1255004 e01291af6798ff5c11a64b9787e8fdfc
http://ports.ubuntu.com/pool/main/s/samba/libwbclient0_3.2.3-1ubuntu3.3=
_powerpc.deb
Size/MD5: 88902 14c7c4184eb595364872552e92969a68
http://ports.ubuntu.com/pool/main/s/samba/samba-common_3.2.3-1ubuntu3.3=
_powerpc.deb
Size/MD5: 3600158 08f75422765fc166c3b52d76e3ee3975
http://ports.ubuntu.com/pool/main/s/samba/samba-dbg_3.2.3-1ubuntu3.3_po=
werpc.deb
Size/MD5: 2058508 98110429e0addce3671bc3752687765b
http://ports.ubuntu.com/pool/main/s/samba/samba-tools_3.2.3-1ubuntu3.3_=
powerpc.deb
Size/MD5: 5474700 fedc748ab8921bcab6a8c43f32dc1155
http://ports.ubuntu.com/pool/main/s/samba/samba_3.2.3-1ubuntu3.3_powerp=
c.deb
Size/MD5: 4639906 0a9141a34e4e7b4562ac9ac377b6f346
http://ports.ubuntu.com/pool/main/s/samba/smbclient_3.2.3-1ubuntu3.3_po=
werpc.deb
Size/MD5: 6653490 030bbc895d8cd8d6c7a77362d46cbf11
http://ports.ubuntu.com/pool/main/s/samba/smbfs_3.2.3-1ubuntu3.3_powerp=
c.deb
Size/MD5: 1417392 3a8a72968d94cd30997d9e7df003e4a0
http://ports.ubuntu.com/pool/main/s/samba/swat_3.2.3-1ubuntu3.3_powerpc=
.deb
Size/MD5: 1046090 e9e435264613362d54c3992811163638
http://ports.ubuntu.com/pool/main/s/samba/winbind_3.2.3-1ubuntu3.3_powe=
rpc.deb
Size/MD5: 3122962 5796717921a7f8fc6ed4953f0060164f
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/s/samba/libpam-smbpass_3.2.3-1ubuntu3=
.3_sparc.deb
Size/MD5: 592598 f16838642c3e5671ae85740b83872e3c
http://ports.ubuntu.com/pool/main/s/samba/libsmbclient-dev_3.2.3-1ubunt=
u3.3_sparc.deb
Size/MD5: 2008144 aa0f3ceb8e34e4563c799e04d91503b5
http://ports.ubuntu.com/pool/main/s/samba/libsmbclient_3.2.3-1ubuntu3.3=
_sparc.deb
Size/MD5: 1215988 3377b235769c891b5ad54ec0a92cc0e9
http://ports.ubuntu.com/pool/main/s/samba/libwbclient0_3.2.3-1ubuntu3.3=
_sparc.deb
Size/MD5: 87522 3ece3744e0724f32a9944f42f2e6ef74
http://ports.ubuntu.com/pool/main/s/samba/samba-common_3.2.3-1ubuntu3.3=
_sparc.deb
Size/MD5: 3501358 fd3fcb79e4510295ca1e60e5d988143e
http://ports.ubuntu.com/pool/main/s/samba/samba-dbg_3.2.3-1ubuntu3.3_sp=
arc.deb
Size/MD5: 2007530 f70762bdf8e0d52ef368591208b3ed15
http://ports.ubuntu.com/pool/main/s/samba/samba-tools_3.2.3-1ubuntu3.3_=
sparc.deb
Size/MD5: 5327728 863297237833a73d8de68ab2f17d044b
http://ports.ubuntu.com/pool/main/s/samba/samba_3.2.3-1ubuntu3.3_sparc.=
deb
Size/MD5: 4502036 47a9306d4265522b980ae835fd711697
http://ports.ubuntu.com/pool/main/s/samba/smbclient_3.2.3-1ubuntu3.3_sp=
arc.deb
Size/MD5: 6448006 8aeae36c0d511196a6bbbe3bfcf78370
http://ports.ubuntu.com/pool/main/s/samba/smbfs_3.2.3-1ubuntu3.3_sparc.=
deb
Size/MD5: 1371010 777c03deb6f03eb87a500b95af21a5c6
http://ports.ubuntu.com/pool/main/s/samba/swat_3.2.3-1ubuntu3.3_sparc.d=
eb
Size/MD5: 1019660 95a8a0591ba092a066ce2789644ed538
http://ports.ubuntu.com/pool/main/s/samba/winbind_3.2.3-1ubuntu3.3_spar=
c.deb
Size/MD5: 3028816 eaae5c19dff7595cdc553106879621c7
--=-ATOrbRjUE+KJweMWF8u2
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEABECAAYFAkkurT0ACgkQLMAs/0C4zNprAwCfS9EmSnn7rED11SKj4TF9gu+r
1bAAoL+/Aaazb+9XscnLWTpDsO1Yj+TM
=WrIZ
-----END PGP SIGNATURE-----
--=-ATOrbRjUE+KJweMWF8u2--