[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20040420001034.25624.qmail@updates.mandrakesoft.com>
Date: 20 Apr 2004 00:10:34 -0000
From: Mandrake Linux Security Team <security@...ux-mandrake.com>
To: bugtraq@...urityfocus.com
Subject: MDKSA-2004:035 - Updated samba packages fix privilege escalation vulnerability
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandrakelinux Security Update Advisory
_______________________________________________________________________
Package name: samba
Advisory ID: MDKSA-2004:035
Date: April 19th, 2004
Affected versions: 9.1, 9.2, Corporate Server 2.1,
Multi Network Firewall 8.2
______________________________________________________________________
Problem Description:
A vulnerability was discovered in samba where a local user could use
the smbmnt utility, which is shipped suid root, to mount a file share
from a remote server which would contain a setuid program under the
control of the user. By executing this setuid program, the local user
could elevate their privileges on the local system.
The updated packages are patched to prevent this problem. The version
of samba shipped with Mandrakelinux 10.0 does not have this problem.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0186
______________________________________________________________________
Updated Packages:
Corporate Server 2.1:
d21438ffa636ecd25e7750b8bdd5703d corporate/2.1/RPMS/nss_wins-2.2.7a-10.1.C21mdk.i586.rpm
b8f666773e8d1e050853f1a50a3c02f9 corporate/2.1/RPMS/samba-client-2.2.7a-10.1.C21mdk.i586.rpm
d81e4fcfe67c7c84045727698e6b1d7f corporate/2.1/RPMS/samba-common-2.2.7a-10.1.C21mdk.i586.rpm
bd0a006adb5e91add323e43e963eb5e6 corporate/2.1/RPMS/samba-server-2.2.7a-10.1.C21mdk.i586.rpm
f680dc58a4ffc59ef4720114f75b7b39 corporate/2.1/RPMS/samba-swat-2.2.7a-10.1.C21mdk.i586.rpm
ab10c41c4df2297d3aa7e3c1aa916523 corporate/2.1/RPMS/samba-winbind-2.2.7a-10.1.C21mdk.i586.rpm
ecec6cb6375d7ae188513869b41f3312 corporate/2.1/SRPMS/samba-2.2.7a-10.1.C21mdk.src.rpm
Corporate Server 2.1/x86_64:
edff5ed0ea6253815e771cb73b119c5b x86_64/corporate/2.1/RPMS/nss_wins-2.2.7a-10.1.C21mdk.x86_64.rpm
74931855e85a943b2e4b443027e9b6be x86_64/corporate/2.1/RPMS/samba-client-2.2.7a-10.1.C21mdk.x86_64.rpm
96985856b520226670bb1c9cdce4b059 x86_64/corporate/2.1/RPMS/samba-common-2.2.7a-10.1.C21mdk.x86_64.rpm
814ffc9eba0c291d72c6b94228391a03 x86_64/corporate/2.1/RPMS/samba-server-2.2.7a-10.1.C21mdk.x86_64.rpm
1fb1b66424f24456c42a4ff29dd6df3f x86_64/corporate/2.1/RPMS/samba-swat-2.2.7a-10.1.C21mdk.x86_64.rpm
f51e1b8b2c741c8c80ee7ca2842b6cda x86_64/corporate/2.1/RPMS/samba-winbind-2.2.7a-10.1.C21mdk.x86_64.rpm
ecec6cb6375d7ae188513869b41f3312 x86_64/corporate/2.1/SRPMS/samba-2.2.7a-10.1.C21mdk.src.rpm
Mandrakelinux 9.1:
0b0f7e967526e258dda77919b816581e 9.1/RPMS/nss_wins-2.2.7a-9.3.91mdk.i586.rpm
347990aa57a8049f9b818b73b7dfc999 9.1/RPMS/samba-client-2.2.7a-9.3.91mdk.i586.rpm
f837a08ba563afb0b90d8f317650d53a 9.1/RPMS/samba-common-2.2.7a-9.3.91mdk.i586.rpm
267059808808f229c4c46489b42a51aa 9.1/RPMS/samba-server-2.2.7a-9.3.91mdk.i586.rpm
f126aede0bc3c567a7a08c0283c646b7 9.1/RPMS/samba-swat-2.2.7a-9.3.91mdk.i586.rpm
7e7073b64c1ea830a7e67141c2126426 9.1/RPMS/samba-winbind-2.2.7a-9.3.91mdk.i586.rpm
37b0189625ab31d636e115b6a5e2c8ba 9.1/SRPMS/samba-2.2.7a-9.3.91mdk.src.rpm
Mandrakelinux 9.1/PPC:
5685d1c563a650a939626363ec886cd9 ppc/9.1/RPMS/nss_wins-2.2.7a-9.3.91mdk.ppc.rpm
2d6a20a9dcb1a77d7492d1f18ddd6e5f ppc/9.1/RPMS/samba-client-2.2.7a-9.3.91mdk.ppc.rpm
a43dc136b3e783dcec9ad3fc9b085141 ppc/9.1/RPMS/samba-common-2.2.7a-9.3.91mdk.ppc.rpm
023bae957f6f623c866ac948999858d7 ppc/9.1/RPMS/samba-server-2.2.7a-9.3.91mdk.ppc.rpm
e7e7b68ade642ee38fa24d8e83f1c0c6 ppc/9.1/RPMS/samba-swat-2.2.7a-9.3.91mdk.ppc.rpm
0d095ca23f539abcb8350ebbf44ac2ac ppc/9.1/RPMS/samba-winbind-2.2.7a-9.3.91mdk.ppc.rpm
37b0189625ab31d636e115b6a5e2c8ba ppc/9.1/SRPMS/samba-2.2.7a-9.3.91mdk.src.rpm
Mandrakelinux 9.2:
4cdbe5d2f84adcede114765ca2137b69 9.2/RPMS/libsmbclient0-2.2.8a-13.1.92mdk.i586.rpm
4c35c1afcffb305312dcdf8965472ccf 9.2/RPMS/libsmbclient0-devel-2.2.8a-13.1.92mdk.i586.rpm
f8b498bce62ab12529f5edff4fb7c674 9.2/RPMS/libsmbclient0-static-devel-2.2.8a-13.1.92mdk.i586.rpm
95253c8785f2c30484e395086d4267b7 9.2/RPMS/nss_wins-2.2.8a-13.1.92mdk.i586.rpm
c5026f96ee77eca5a6dd3c42002e1a56 9.2/RPMS/samba-client-2.2.8a-13.1.92mdk.i586.rpm
4f6e9e99b8bd126a0acd8df1fc589fe0 9.2/RPMS/samba-common-2.2.8a-13.1.92mdk.i586.rpm
299a19bb90f3ac367d9bd2e625760b9e 9.2/RPMS/samba-debug-2.2.8a-13.1.92mdk.i586.rpm
4ccc678b92cb829426d8f3622f87a9a2 9.2/RPMS/samba-server-2.2.8a-13.1.92mdk.i586.rpm
675508dd0bd35458c5ae213d62176d49 9.2/RPMS/samba-swat-2.2.8a-13.1.92mdk.i586.rpm
45311b1de6295589382acbb274c2948c 9.2/RPMS/samba-winbind-2.2.8a-13.1.92mdk.i586.rpm
34b58acde75a4cd4842972d76faa4e42 9.2/SRPMS/samba-2.2.8a-13.1.92mdk.src.rpm
Mandrakelinux 9.2/AMD64:
34b58acde75a4cd4842972d76faa4e42 amd64/9.2/SRPMS/samba-2.2.8a-13.1.92mdk.src.rpm
Multi Network Firewall 8.2:
99885d9835b1283f4992aa9ebc4c7589 mnf8.2/RPMS/samba-client-2.2.7a-9.3.M82mdk.i586.rpm
4dd0757ebe8c8db713a00206c37c647a mnf8.2/RPMS/samba-common-2.2.7a-9.3.M82mdk.i586.rpm
26e6c150b49f6c3e88599554213ae40d mnf8.2/SRPMS/samba-2.2.7a-9.3.M82mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
A list of FTP mirrors can be obtained from:
http://www.mandrakesecure.net/en/ftp.php
All packages are signed by Mandrakesoft for security. You can obtain
the GPG public key of the Mandrakelinux Security Team by executing:
gpg --recv-keys --keyserver www.mandrakesecure.net 0x22458A98
Please be aware that sometimes it takes the mirrors a few hours to
update.
You can view other update advisories for Mandrakelinux at:
http://www.mandrakesecure.net/en/advisories/
Mandrakesoft has several security-related mailing list services that
anyone can subscribe to. Information on these lists can be obtained by
visiting:
http://www.mandrakesecure.net/en/mlist.php
If you want to report vulnerabilities, please contact
security_linux-mandrake.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
<security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQFAhGp6mqjQ0CJFipgRApBPAJ0ZBoIR14QJXUMVMvMInbWmB8bOkwCfRneP
MH+j6L1Z+4NmWcvAbmh7pg8=
=tTrp
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists