lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <200304100038.CAA21014@mail3.bunt.com>
Date: Thu, 10 Apr 2003 02:38:26 +0200
From: chris1@...l3.bunt.com
To: mbruce@...c.navy.mil, fdanson@...c.navy.mil
Cc: bugtraq@...urityfocus.com, full-disclosure@...ts.netsys.com,
   vulnwatch@...nwatch.org
Subject: Fwd: Samba Security Vulnerability on IRIX


fyi... if you're running samba it's vulnerable

Forwarded Message:
> To: agent99@....com
> From: SGI Security Coordinator <agent99@....com>
> Subject: [Full-Disclosure] Samba Security Vulnerability on IRIX
> Date: Wed, 9 Apr 2003 11:02:42 -0700
> -----
> -----BEGIN PGP SIGNED MESSAGE-----
> 
> ______________________________________________________________________________
>                           SGI Security Advisory
> 
> Title    : Samba Security Vulnerability
> Number   : 20030403-01-P
> Date     : April 9, 2003
> Reference: CVE CAN-2003-0201
> Reference: SGI BUG 886996
> Fixed in : Samba 2.2.8a or patch 5065
> ______________________________________________________________________________
> 
> - -----------------------
> - --- Issue Specifics ---
> - -----------------------
> 
> It's been reported that there is a vulnerability in Samba versions up to and
> including Samba 2.2.8. This vulnerability, if exploited correctly, leads to
> an anonymous user gaining root access on a Samba serving system.
> 
> See: http://master.samba.org/samba/samba.html (Samba News 7 Apr, 2003)
>      http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0201
> 
> SGI has investigated the issue and recommends the following steps for
> neutralizing the exposure.  It is HIGHLY RECOMMENDED that these measures be
> implemented on ALL vulnerable SGI systems.
> 
> These issues have been corrected in future releases of Samba and with a
> patch for SGI's Samba 2.2.8.
> 
> 
> - --------------
> - --- Impact ---
> - --------------
> 
> Samba for Irix is not installed by default on IRIX 6.5 systems.  It is an
> optional product that can be purchased and installed as "samba_irix".
> 
> To determine the version of IRIX you are running, execute the following
> command:
> 
>   # /bin/uname -R
> 
> That will return a result similar to the following:
> 
>   # 6.5 6.5.19f
> 
> The first number ("6.5") is the release name, the second ("6.5.16f" in this
> case) is the extended release name.  The extended release name is the
> "version" we refer to throughout this document.
> 
> To see if Samba is installed, execute the following command:
> 
> % versions samba_irix
> I = Installed, R = Removed
> 
>    Name                 Date        Description
> 
>    I  samba_irix           07/02/2002  Samba 2.2.4 for IRIX
>    I  samba_irix.man       07/02/2002  Samba Online Documentation
>    I  samba_irix.man.doc   07/02/2002  Samba 2.2.4 Documentation
>    I  samba_irix.man.manpages  07/02/2002  Samba 2.2.4 Man Page
>    I  samba_irix.man.relnotes  07/02/2002  Samba 2.2.4 Release Notes
>    I  samba_irix.src       07/02/2002  Samba Source Code
>    I  samba_irix.src.samba 07/02/2002  Samba 2.2.4 Source Code
>    I  samba_irix.sw        07/02/2002  Samba Execution Environment
>    I  samba_irix.sw.base   07/02/2002  Samba 2.2.4 Execution Environment
> 
> If the result is similar to the above and the version shown is less than
> 2.2.8a, then the system is vulnerable.
> 
> 
> - ----------------------------
> - --- Temporary Workaround ---
> - ----------------------------
> 
> Though it is possible to limit exposure by filtering what IPs can talk to
> your Samba server, there is no effective workaround to fully address these
> problems.  SGI recommends upgrading to Samba 2.2.8 and installing patch 5065.
> 
> 
> - ----------------
> - --- Solution ---
> - ----------------
> 
> SGI has provided a patch for Samba 2.2.8 for this vulnerability. Our
> recommendation is to upgrade to Samba 2.2.8 and install the patch.
> 
> Patch 5065 only applies to the samba_irix 2.2.8 package.
> This patch will not apply to the freeware versions of samba available from:
> http://freeware.sgi.com/ , http://www.samba.org/ and
> http://master.samba.org/samba/ftp/Binary_Packages/IRIX/
> 
> 
>    OS Version     Vulnerable?     Patch #      Other Actions
>    ----------     -----------     -------      -------------
>    IRIX 3.x        unknown                     Note 1
>    IRIX 4.x        unknown                     Note 1
>    IRIX 5.x        unknown                     Note 1
>    IRIX 6.0.x      unknown                     Note 1
>    IRIX 6.1        unknown                     Note 1
>    IRIX 6.2        unknown                     Note 1
>    IRIX 6.3        unknown                     Note 1
>    IRIX 6.4        unknown                     Note 1
>    IRIX 6.5          yes           5065        Notes 2 & 3
>    IRIX 6.5.1        yes           5065        Notes 2 & 3
>    IRIX 6.5.2        yes           5065        Notes 2 & 3
>    IRIX 6.5.3        yes           5065        Notes 2 & 3
>    IRIX 6.5.4        yes           5065        Notes 2 & 3
>    IRIX 6.5.5        yes           5065        Notes 2 & 3
>    IRIX 6.5.6        yes           5065        Notes 2 & 3
>    IRIX 6.5.7        yes           5065        Notes 2 & 3
>    IRIX 6.5.8        yes           5065        Notes 2 & 3
>    IRIX 6.5.9        yes           5065        Notes 2 & 3
>    IRIX 6.5.10       yes           5065        Notes 2 & 3
>    IRIX 6.5.11       yes           5065        Notes 2 & 3
>    IRIX 6.5.12       yes           5065        Notes 2 & 3
>    IRIX 6.5.13       yes           5065        Notes 2 & 3
>    IRIX 6.5.14       yes           5065        Notes 2 & 3
>    IRIX 6.5.15       yes           5065        Notes 2 & 3
>    IRIX 6.5.16       yes           5065        Notes 2 & 3
>    IRIX 6.5.17       yes           5065        Notes 2 & 3
>    IRIX 6.5.18       yes           5065        Notes 2 & 3
>    IRIX 6.5.19       yes           5065        Notes 2 & 3
>    IRIX 6.5.20       yes           5065        Notes 2 & 3
> 
>    NOTES
> 
>      1) This version of the IRIX operating has been retired. Upgrade to an
>         actively supported IRIX operating system.  See http://support.sgi.com
>         for more information.
> 
>      2) If you have not received an IRIX 6.5.X CD for IRIX 6.5, contact your
>         SGI Support Provider or URL: http://support.sgi.com
> 
>      3) If a version of Samba prior to 2.2.8a is installed, the system is
>         vulnerable and you should upgrade to Samba 2.2.8 and install the 
patch.
> 
> 
>               ##### Patch File Checksums ####
> 
> The actual patch will be a tar file containing the following files:
> 
> Filename:                 README.patch.5065
> Algorithm #1 (sum -r):    52833 8 README.patch.5065
> Algorithm #2 (sum):       19672 8 README.patch.5065
> MD5 checksum:             FFB8A9F3304A2C9A793C8C8888E4CBD6
> 
> Filename:                 patchSG0005065
> Algorithm #1 (sum -r):    21712 2 patchSG0005065
> Algorithm #2 (sum):       7400 2 patchSG0005065
> MD5 checksum:             2A80FB9188A81306441E0530200EC184
> 
> Filename:                 patchSG0005065.idb
> Algorithm #1 (sum -r):    65085 4 patchSG0005065.idb
> Algorithm #2 (sum):       64041 4 patchSG0005065.idb
> MD5 checksum:             2A5195E64FC6F093B733CA7C22A7B90C
> 
> Filename:                 patchSG0005065.samba_irix_src
> Algorithm #1 (sum -r):    02420 284 patchSG0005065.samba_irix_src
> Algorithm #2 (sum):       29510 284 patchSG0005065.samba_irix_src
> MD5 checksum:             2E8049C4A7108726D8BF15026BCDE687
> 
> Filename:                 patchSG0005065.samba_irix_sw
> Algorithm #1 (sum -r):    16886 2400 patchSG0005065.samba_irix_sw
> Algorithm #2 (sum):       34027 2400 patchSG0005065.samba_irix_sw
> MD5 checksum:             457451125CFBACF454CE6C990E5CECC0
> 
> 
> - ------------------------
> - --- Acknowledgments ----
> - ------------------------
> 
> SGI wishes to thank The Samba Team and the users of the Internet Community
> at large for their assistance in this matter.
> 
> 
> - -------------
> - --- Links ---
> - -------------
> 
> SGI Security Advisories can be found at:
> http://www.sgi.com/support/security/ and
> ftp://patches.sgi.com/support/free/security/advisories/
> 
> SGI Security Patches can be found at:
> http://www.sgi.com/support/security/ and
> ftp://patches.sgi.com/support/free/security/patches/
> 
> SGI patches for IRIX can be found at the following patch servers:
> http://support.sgi.com/ and ftp://patches.sgi.com/
> 
> SGI freeware updates for IRIX can be found at:
> http://freeware.sgi.com/
> 
> SGI fixes for SGI open sourced code can be found on:
> http://oss.sgi.com/projects/
> 
> SGI patches and RPMs for Linux can be found at:
> http://support.sgi.com/
> 
> SGI patches for Windows NT or 2000 can be found at:
> http://support.sgi.com/
> 
> IRIX 5.2-6.4 Recommended/Required Patch Sets can be found at:
> http://support.sgi.com/ and ftp://patches.sgi.com/support/patchset/
> 
> IRIX 6.5 Maintenance Release Streams can be found at:
> http://support.sgi.com/
> 
> IRIX 6.5 Software Update CDs can be obtained from:
> http://support.sgi.com/
> 
> The primary SGI anonymous FTP site for security advisories and patches is
> patches.sgi.com.  Security advisories and patches are located under the URL
> ftp://patches.sgi.com/support/free/security/
> 
> For security and patch management reasons, ftp.sgi.com (mirrors
> patches.sgi.com security FTP repository) lags behind and does not do a
> real-time update.
> 
> 
> 
> - -----------------------------------------
> - --- SGI Security Information/Contacts ---
> - -----------------------------------------
> 
> If there are questions about this document, email can be sent to
> security-info@....com.
> 
>                       ------oOo------
> 
> SGI provides security information and patches for use by the entire SGI
> community.  This information is freely available to any person needing the
> information and is available via anonymous FTP and the Web.
> 
> The primary SGI anonymous FTP site for security advisories and patches is
> patches.sgi.com.  Security advisories and patches are located under the URL
> ftp://patches.sgi.com/support/free/security/
> 
> The SGI Security Headquarters Web page is accessible at the URL:
> http://www.sgi.com/support/security/
> 
> For issues with the patches on the FTP sites, email can be sent to
> security-info@....com.
> 
> For assistance obtaining or working with security patches, please
> contact your SGI support provider.
> 
>                       ------oOo------
> 
> SGI provides a free security mailing list service called wiretap and
> encourages interested parties to self-subscribe to receive (via email) all
> SGI Security Advisories when they are released. Subscribing to the mailing
> list can be done via the Web
> (http://www.sgi.com/support/security/wiretap.html) or by sending email to
> SGI as outlined below.
> 
> % mail wiretap-request@....com
> subscribe wiretap <YourEmailAddress such as aaanalyst@....com >
> end
> ^d
> 
> In the example above, <YourEmailAddress> is the email address that you wish
> the mailing list information sent to.  The word end must be on a separate
> line to indicate the end of the body of the message. The control-d (^d) is
> used to indicate to the mail program that you are finished composing the
> mail message.
> 
> 
>                       ------oOo------
> 
> SGI provides a comprehensive customer World Wide Web site. This site is
> located at http://www.sgi.com/support/security/ .
> 
>                       ------oOo------
> 
> If there are general security questions on SGI systems, email can be sent to
> security-info@....com.
> 
> For reporting *NEW* SGI security issues, email can be sent to
> security-alert@....com or contact your SGI support provider.  A support
> contract is not required for submitting a security report.
> 
> ______________________________________________________________________________
>       This information is provided freely to all interested parties
>       and may be redistributed provided that it is not altered in any
>       way, SGI is appropriately credited and the document retains and
>       includes its valid PGP signature.
> 
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.2
> 
> iQCVAwUBPpRcUrQ4cFApAP75AQEKMQP+Pp8FTIURkyimzflGu7wRpzKkBtTRBdW7
> 7XiZXWzVqM9Hy46uFkMme5+C6sA3+ah30tx6JZaYJb7mL8wSRMvsitQXF48Bl4Zy
> c3rJp7edEpxbhh+c2Wj4xYRLMolRX/lSZ8qAdmZcpOvWaUvTMOZlR6SmoqM1xp5B
> JtSTN9YbgG4=
> =Tc6B
> -----END PGP SIGNATURE-----
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
> 


---------------------------------------------
This message was sent using Endymion MailMan.
http://www.endymion.com/products/mailman/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ