[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20030502141842.P5521@sco.com>
Date: Fri, 2 May 2003 14:18:42 -0700
From: security@....com
To: bugtraq@...urityfocus.com, announce@...ts.caldera.com,
security-alerts@...uxsecurity.com
Subject: Security Update: [CSSA-2003-017.0] OpenLinux: Various serious Samba vulnerabilities
To: bugtraq@...urityfocus.com announce@...ts.caldera.com security-alerts@...uxsecurity.com
______________________________________________________________________________
SCO Security Advisory
Subject: OpenLinux: Various serious Samba vulnerabilities
Advisory number: CSSA-2003-017.0
Issue date: 2003 May 02
Cross reference:
______________________________________________________________________________
1. Problem Description
This update addresses the following Samba issues:
A bug in the length checking for encrypted password change
requests from clients could be exploited using a buffer
overrun attack on the smbd stack.
A vulnerability that could lead to an anonymous user gaining
root access on a Samba serving system.
A chown race condition that could allow overwriting of
critical system files if exploited.
A buffer overflow in the call_trans2open function in trans2.c
allows remote attackers to execute arbitrary code.
Multiple buffer overflows that may allow remote attackers to
execute arbitrary code or cause a denial of service.
2. Vulnerable Supported Versions
System Package
----------------------------------------------------------------------
OpenLinux 3.1.1 Server prior to libsmbclient-2.2.2-7.i386.rpm
prior to samba-2.2.2-7.i386.rpm
prior to samba-doc-2.2.2-7.i386.rpm
prior to smbfs-2.2.2-7.i386.rpm
prior to swat-2.2.2-7.i386.rpm
OpenLinux 3.1.1 Workstation prior to libsmbclient-2.2.2-7.i386.rpm
prior to samba-2.2.2-7.i386.rpm
prior to samba-doc-2.2.2-7.i386.rpm
prior to smbfs-2.2.2-7.i386.rpm
prior to swat-2.2.2-7.i386.rpm
3. Solution
The proper solution is to install the latest packages. Many
customers find it easier to use the Caldera System Updater, called
cupdate (or kcupdate under the KDE environment), to update these
packages rather than downloading and installing them by hand.
4. OpenLinux 3.1.1 Server
4.1 Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-017.0/RPMS
4.2 Packages
a4f667678f6a3c283491ae04480625d6 libsmbclient-2.2.2-7.i386.rpm
8c95e0b81771bb703e08937125e8c9bf samba-2.2.2-7.i386.rpm
2a590b5458186279fd3bb17bb87c5af3 samba-doc-2.2.2-7.i386.rpm
fcabaf8b0567ed5faad0e2fe8e206f92 smbfs-2.2.2-7.i386.rpm
bd13c1771c2267549916f3afb60ad019 swat-2.2.2-7.i386.rpm
4.3 Installation
rpm -Fvh libsmbclient-2.2.2-7.i386.rpm
rpm -Fvh samba-2.2.2-7.i386.rpm
rpm -Fvh samba-doc-2.2.2-7.i386.rpm
rpm -Fvh smbfs-2.2.2-7.i386.rpm
rpm -Fvh swat-2.2.2-7.i386.rpm
4.4 Source Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-017.0/SRPMS
4.5 Source Packages
403ddcea6384a309768066e06941a68f samba-2.2.2-7.src.rpm
5. OpenLinux 3.1.1 Workstation
5.1 Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-017.0/RPMS
5.2 Packages
c04cb8377d18180c6b914ed9d0d1d4e3 libsmbclient-2.2.2-7.i386.rpm
aad7fa4db863931a9c57b8720e17cbb6 samba-2.2.2-7.i386.rpm
be052cbf6e77f05ad1cbc7fba57be7bd samba-doc-2.2.2-7.i386.rpm
4bf70f287baf74e47ef5cff351a7a740 smbfs-2.2.2-7.i386.rpm
906d1705b64767cd774e29287b5ab437 swat-2.2.2-7.i386.rpm
5.3 Installation
rpm -Fvh libsmbclient-2.2.2-7.i386.rpm
rpm -Fvh samba-2.2.2-7.i386.rpm
rpm -Fvh samba-doc-2.2.2-7.i386.rpm
rpm -Fvh smbfs-2.2.2-7.i386.rpm
rpm -Fvh swat-2.2.2-7.i386.rpm
5.4 Source Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-017.0/SRPMS
5.5 Source Packages
21c0df3f652692c3db10dd5783e78e93 samba-2.2.2-7.src.rpm
6. References
Specific references for this advisory:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1318
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0085
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0086
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0196
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0201
SCO security resources:
http://www.sco.com/support/security/index.html
This security fix closes SCO incidents sr876764, sr875830,
sr872195, fz527679, fz527532, fz526744, erg712283, erg712263,
erg712169.
7. Disclaimer
SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers intended
to promote secure installation and use of SCO products.
8. Acknowledgements
Steve Langasek (Debian), Sebastian Krahmer (SuSE), and Digital
Defense Inc. discovered and researched these vulnerabilities.
______________________________________________________________________________
Content of type "application/pgp-signature" skipped
Powered by blists - more mailing lists