| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 7 Apr 2003 11:39:07 -0700
From: Immunix Security Team <security@...ex.com>
To: bugtraq@...urityfocus.com, immunix-announce@...unix.org,
linsec@...ts.seifried.org
Subject: Immunix Secured OS 7+ samba update
-----------------------------------------------------------------------
Immunix Secured OS Security Advisory
Packages updated: samba
Affected products: ImmunixOS 7.0, 7+
Bugs fixed: CAN-2003-0201
Date: Mon Apr 7 2003
Advisory ID: IMNX-2003-7+-006-01
Author: Seth Arnold <sarnold@...ex.com>
-----------------------------------------------------------------------
Description:
Digital Defense found an actively-exploited samba static-buffer
overflow on a honeypot system. They figured out the vulnerable section
of code and alerted the Samba team, who found some additional bugs
while fixing this bug.
In samba version 2.0.10, this buffer is located on the heap, so
StackGuard does not provide protection for this buffer overflow.
There are actively-used samba 2.2 exploits that allow remote anonymous
users to gain local root privileges. The samba 2.2 exploit analyzed by
Digital Defense used a statically allocated buffer. While we do not
know of any exploits against the 2.0.10 version, it may be possible
to re-write the exploit in use to attack the heap-based buffer in
samba 2.0.10. We recommend upgrading.
Please note this is different from (and includes the fixes from)
IMNX-2003-7+-003-01, which addressed different samba security flaws.
References:
http://www.securityfocus.com/archive/1/317615/2003-04-04/2003-04-10/0
Package names and locations:
Precompiled binary packages for Immunix 7+ are available at:
http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/samba-2.0.10-2_imnx_3.i386.rpm
http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/samba-client-2.0.10-2_imnx_3.i386.rpm
http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/samba-common-2.0.10-2_imnx_3.i386.rpm
Immunix OS 7+ md5sums:
13b41eeaf5ef6d018554fab4ae4958bc samba-2.0.10-2_imnx_3.i386.rpm
bbfeb9255328a8e73790f390aa7afb9f samba-client-2.0.10-2_imnx_3.i386.rpm
feeb2e9d872f5bdc01c44ee125f0170c samba-common-2.0.10-2_imnx_3.i386.rpm
ffa5900e389ed12620ec72bd4fdf5c15 samba-2.0.10-2_imnx_3.src.rpm
GPG verification:
Our public key is available at <http://wirex.com/security/GPG_KEY>.
NOTE:
Ibiblio is graciously mirroring our updates, so if the links above are
slow, please try:
ftp://ftp.ibiblio.org/pub/Linux/distributions/immunix/
or one of the many mirrors available at:
http://www.ibiblio.org/pub/Linux/MIRRORS.html
ImmunixOS 6.2 is no longer officially supported.
ImmunixOS 7.0 is no longer officially supported.
Contact information:
To report vulnerabilities, please contact security@...ex.com. WireX
attempts to conform to the RFP vulnerability disclosure protocol
<http://www.wiretrip.net/rfp/policy.html>.
Content of type "application/pgp-signature" skipped
Powered by blists - more mailing lists