Date: Mon, 7 Apr 2003 11:39:07 -0700
From: Immunix Security Team <[email protected]>
To: [email protected], [email protected],
Subject: Immunix Secured OS 7+ samba update
--48TaNjbzBVislYPb
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
-----------------------------------------------------------------------
Immunix Secured OS Security Advisory
Packages updated: samba
Affected products: ImmunixOS 7.0, 7+
Bugs fixed: CAN-2003-0201
Date: Mon Apr 7 2003
Advisory ID: IMNX-2003-7+-006-01
Author: Seth Arnold <[email protected]>
-----------------------------------------------------------------------
Description:
Digital Defense found an actively-exploited samba static-buffer
overflow on a honeypot system. They figured out the vulnerable section
of code and alerted the Samba team, who found some additional bugs
while fixing this bug.
In samba version 2.0.10, this buffer is located on the heap, so
StackGuard does not provide protection for this buffer overflow.
There are actively-used samba 2.2 exploits that allow remote anonymous
users to gain local root privileges. The samba 2.2 exploit analyzed by
Digital Defense used a statically allocated buffer. While we do not
know of any exploits against the 2.0.10 version, it may be possible
to re-write the exploit in use to attack the heap-based buffer in
samba 2.0.10. We recommend upgrading.
Please note this is different from (and includes the fixes from)
IMNX-2003-7+-003-01, which addressed different samba security flaws.
=20
References:
http://www.securityfocus.com/archive/1/317615/2003-04-04/2003-04-10/0
Package names and locations:
Precompiled binary packages for Immunix 7+ are available at:
http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/samba-2.0.10-2_imnx=
_3.i386.rpm
http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/samba-client-2.0.10=
-2_imnx_3.i386.rpm
http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/samba-common-2.0.10=
-2_imnx_3.i386.rpm
Immunix OS 7+ md5sums:
13b41eeaf5ef6d018554fab4ae4958bc samba-2.0.10-2_imnx_3.i386.rpm
bbfeb9255328a8e73790f390aa7afb9f samba-client-2.0.10-2_imnx_3.i386.rpm
feeb2e9d872f5bdc01c44ee125f0170c samba-common-2.0.10-2_imnx_3.i386.rpm
ffa5900e389ed12620ec72bd4fdf5c15 samba-2.0.10-2_imnx_3.src.rpm
GPG verification: =
=20
Our public key is available at <http://wirex.com/security/GPG_KEY>;. =
=20
NOTE:
Ibiblio is graciously mirroring our updates, so if the links above are
slow, please try:
ftp://ftp.ibiblio.org/pub/Linux/distributions/immunix/
or one of the many mirrors available at:
http://www.ibiblio.org/pub/Linux/MIRRORS.html
ImmunixOS 6.2 is no longer officially supported.
ImmunixOS 7.0 is no longer officially supported.
Contact information:
To report vulnerabilities, please contact [email protected]. WireX=20
attempts to conform to the RFP vulnerability disclosure protocol
<http://www.wiretrip.net/rfp/policy.html>;.
--48TaNjbzBVislYPb
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iEYEARECAAYFAj6RxcoACgkQVQcWL60UVMtKxwCffaze1gckJfU64LJ34srfozL2
+UsAoJXpIcgzvAJWdBdOnOTuK9bl50PV
=JVCJ
-----END PGP SIGNATURE-----
--48TaNjbzBVislYPb--
