lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <20030401014823.GD26108@wirex.com>
Date: Mon, 31 Mar 2003 17:48:23 -0800
From: Immunix Security Team <security@...ex.com>
To: bugtraq@...urityfocus.com, immunix-announce@...unix.org,
	linsec@...ts.seifried.org
Subject: Immunix Secured OS 7+ samba update

-----------------------------------------------------------------------
	Immunix Secured OS Security Advisory

Packages updated:	samba
Affected products:	ImmunixOS 6.2, 7.0, 7+
Bugs fixed:		CAN-2003-0085
Date:			Mon Mar 31 2003
Advisory ID:		IMNX-2003-7+-003-01
Author:			Seth Arnold <sarnold@...ex.com>
-----------------------------------------------------------------------

Description:
  Quoting from the Samba security advisory:
    The SuSE security audit team, in particular Sebastian Krahmer
    <krahmer@...e.de>, has found a flaw in the Samba main smbd code
    which could allow an external attacker to remotely and anonymously
    gain Super User (root) privileges on a server running a Samba server.
  in more detail:
    A buffer overrun condition exists in the SMB/CIFS packet fragment
    re-assembly code in smbd which would allow an attacker to cause smbd
    to overwrite arbitrary areas of memory in its own process address
    space. This could allow a skilled attacker to inject binary specific
    exploit code into smbd.
  The patch was prepared by "Jeremy Allison and reviewed by engineers
  from the Samba Team, SuSE, HP, SGI, Apple, and the Linux vendor
  engineers on the Linux Vendor security mailing list."

  We would like to thank Jay Fenlason at Red Hat for separating the
  security-critical portions of the patch apart from the rest of the
  Samba-supplied fix.

  References: http://us1.samba.org/samba/whatsnew/samba-2.2.8.html


Package names and locations:
  Precompiled binary packages for Immunix 7+ are available at:
  http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/samba-2.0.10-2_imnx_2.i386.rpm
  http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/samba-client-2.0.10-2_imnx_2.i386.rpm
  http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/samba-common-2.0.10-2_imnx_2.i386.rpm

Immunix OS 7+ md5sums:
  a74de332ef912b659dee405e996682b9  samba-2.0.10-2_imnx_2.i386.rpm
  0ea784704399dd90280766d378cbf410  samba-client-2.0.10-2_imnx_2.i386.rpm
  2c206898ffed86f63eb1c96bf8b542c2  samba-common-2.0.10-2_imnx_2.i386.rpm


GPG verification:                                                               
  Our public key is available at <http://wirex.com/security/GPG_KEY>.           

NOTE:
  Ibiblio is graciously mirroring our updates, so if the links above are
  slow, please try:
    ftp://ftp.ibiblio.org/pub/Linux/distributions/immunix/
  or one of the many mirrors available at:
    http://www.ibiblio.org/pub/Linux/MIRRORS.html

  ImmunixOS 6.2 is no longer officially supported.
  ImmunixOS 7.0 is no longer officially supported.

Contact information:
  To report vulnerabilities, please contact security@...ex.com. WireX 
  attempts to conform to the RFP vulnerability disclosure protocol
  <http://www.wiretrip.net/rfp/policy.html>.

Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ