

Immunix Secured OS 7+ samba update


Date: Mon, 31 Mar 2003 17:48:23 -0800
From: Immunix Security Team <[email protected]>
To: [email protected], [email protected],
Subject: Immunix Secured OS 7+ samba update


-----------------------------------------------------------------------
	Immunix Secured OS Security Advisory

Packages updated:	samba
Affected products:	ImmunixOS 6.2, 7.0, 7+
Bugs fixed:		CAN-2003-0085
Date:			Mon Mar 31 2003
Advisory ID:		IMNX-2003-7+-003-01
Author:			Seth Arnold <[email protected]>
-----------------------------------------------------------------------

Description:
  Quoting from the Samba security advisory:
    The SuSE security audit team, in particular Sebastian Krahmer
    <[email protected]>, has found a flaw in the Samba main smbd code
    which could allow an external attacker to remotely and anonymously
    gain Super User (root) privileges on a server running a Samba server.
  in more detail:
    A buffer overrun condition exists in the SMB/CIFS packet fragment
    re-assembly code in smbd which would allow an attacker to cause smbd
    to overwrite arbitrary areas of memory in its own process address
    space. This could allow a skilled attacker to inject binary specific
    exploit code into smbd.
  The patch was prepared by "Jeremy Allison and reviewed by engineers
  from the Samba Team, SuSE, HP, SGI, Apple, and the Linux vendor
  engineers on the Linux Vendor security mailing list."

  We would like to thank Jay Fenlason at Red Hat for separating the
  security-critical portions of the patch apart from the rest of the
  Samba-supplied fix.

  References: http://us1.samba.org/samba/whatsnew/samba-2.2.8.html


Package names and locations:
  Precompiled binary packages for Immunix 7+ are available at:
  http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/samba-2.0.10-2_imnx_2.i386.rpm
  http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/samba-client-2.0.10-2_imnx_2.i386.rpm
  http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/samba-common-2.0.10-2_imnx_2.i386.rpm

Immunix OS 7+ md5sums:
  a74de332ef912b659dee405e996682b9  samba-2.0.10-2_imnx_2.i386.rpm
  0ea784704399dd90280766d378cbf410  samba-client-2.0.10-2_imnx_2.i386.rpm
  2c206898ffed86f63eb1c96bf8b542c2  samba-common-2.0.10-2_imnx_2.i386.rpm


GPG verification:
  Our public key is available at <http://wirex.com/security/GPG_KEY>.

NOTE:
  Ibiblio is graciously mirroring our updates, so if the links above are
  slow, please try:
    ftp://ftp.ibiblio.org/pub/Linux/distributions/immunix/
  or one of the many mirrors available at:
    http://www.ibiblio.org/pub/Linux/MIRRORS.html

  ImmunixOS 6.2 is no longer officially supported.
  ImmunixOS 7.0 is no longer officially supported.

Contact information:
  To report vulnerabilities, please contact [email protected]. WireX
  attempts to conform to the RFP vulnerability disclosure protocol
  <http://www.wiretrip.net/rfp/policy.html>.
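
The Samba text quoted in the advisory above attributes the flaw to fragment re-assembly that lets smbd write outside its buffer. The following C code is an added illustration of the bounds checks such a routine needs; it is not Samba's code or the patch the advisory ships, and `struct reasm`, `reasm_begin`, `reasm_add` and the 1024-byte cap are hypothetical names and values.

```c
/* Added illustration: bounds-checked fragment reassembly (hypothetical names). */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define REASM_MAX 1024u            /* assumed cap on one reassembled message */

struct reasm {                     /* hypothetical state, not Samba's */
    uint8_t buf[REASM_MAX];
    size_t  total;                 /* length announced when reassembly starts */
    size_t  received;              /* bytes accepted so far */
};

/* Start a reassembly; an announced total larger than the buffer is refused. */
int reasm_begin(struct reasm *r, size_t total)
{
    if (total == 0 || total > sizeof r->buf)
        return -1;
    memset(r, 0, sizeof *r);
    r->total = total;
    return 0;
}

/* Accept one fragment: 1 = message complete, 0 = need more, -1 = rejected. */
int reasm_add(struct reasm *r, size_t off, const uint8_t *data, size_t len)
{
    if (len == 0 || off > r->total || len > r->total - off)
        return -1;                 /* subtraction form: off + len cannot wrap */
    if (len > r->total - r->received)
        return -1;                 /* sender may not exceed the announced total */
    memcpy(r->buf + off, data, len);
    r->received += len;
    return r->received == r->total;
}

int main(void)
{
    static struct reasm r;
    const uint8_t frag[8] = "AAAAAAA";          /* constructed sample data */

    reasm_begin(&r, 16);
    printf("in range:     %d\n", reasm_add(&r, 0, frag, 8));            /* 0  */
    printf("past the end: %d\n", reasm_add(&r, 12, frag, 8));           /* -1 */
    printf("wrapping off: %d\n", reasm_add(&r, SIZE_MAX - 3, frag, 8)); /* -1 */
    printf("final piece:  %d\n", reasm_add(&r, 8, frag, 8));            /* 1  */
    return 0;
}
```

The running `received` count only stops a sender from delivering more bytes than announced; it does not detect overlapping fragments, which a production reassembler would track separately.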




