| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 23 Jul 2004 03:35:16 +1000
From: tinysofa Security Team <security@...ysofa.org>
To: bugtraq@...urityfocus.com
Subject: TSSA-2004-014 - samba
===========================================================================
_
|_ . _ _ _ (_ _
|_ | | ) \/ _) (_) | (_|
/
Security Advisory #2004-014
Package name: samba
Summary: Multiple Potential Buffer Overruns
Advisory ID: TSSA-2004-014
Date: 2004-07-23
Affected versions: tinysofa enterprise server 1.0
===========================================================================
Security Fixes
==============
Description
-----------
samba:
* Samba [0] is an Open Source/Free Software suite that provides seamless
file and print services to SMB/CIFS clients.
[Issue #1]
The internal routine used by the Samba Web Administration Tool (SWAT
v3.0.2 and later) to decode the base64 data during HTTP basic
authentication is subject to a buffer overrun caused by an invalid
base64 character.
This same code is used internally to decode the sambaMungedDial
attribute value when using the ldapsam passdb backend.
Sites using an LDAP directory service with Samba are strongly encouraged
to verify that the DIT only allows write access to sambaSamAccount
attributes by a sufficiently authorized user.
This problem has been assigned the name CAN-2004-0600 [1] by the
Common Vulnerabilities and Exposures (CVE) project, and was first
reported by Evgeny Demidov.
[Issue #2]
A buffer overrun has been located in the code used to support
the 'mangling method = hash' smb.conf option. The default setting
for this parameter is 'mangling method = hash2' and therefore a
default Samba configuration is not vulnerable.
This problem has been assigned the name CAN-2004-0686 [2] by the
Common Vulnerabilities and Exposures (CVE) project.
References
----------
[0] http://www.samba.org/
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0600
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0686
Recommended Action
==================
We recommend that all systems with these packages installed be upgraded.
Please note that if you do not need the functionality provided by this
package, you may want to remove it from your system.
Location
========
All tinysofa updates are available from
<URI:http://http.tinysofa.org/pub/tinysofa/updates/>
<URI:ftp://ftp.tinysofa.org/pub/tinysofa/updates/>
Automatic Updates
=================
Users of the SWUP tool can enjoy having updates automatically
installed using 'swup --upgrade'.
Questions?
==========
Check out our mailing lists:
<URI:http://www.tinysofa.org/support/>
Verification
============
This advisory is signed with the tinysofa security sign key.
This key is available from:
<URI:http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xAEDCBB4B>
All tinysofa packages are signed with the tinysofa stable sign key.
This key is available from:
<URI:http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x0F1240A2>
The advisory is available from the tinysofa errata database at
<URI:http://www.tinysofa.org/support/errata/>
or directly at
<URI:http://www.tinysofa.org/support/errata/2004/014.html>
MD5sums Of The Packages
=======================
[server-1.0]
e07c187b6a83ddc43aa2717b0ed8827e samba-3.0.5-1ts.i586.rpm
5278e17135758ac3cd2b10e19c777780 samba-client-3.0.5-1ts.i586.rpm
00432c136e9773f4a9140fc41d7f1b04 samba-common-3.0.5-1ts.i586.rpm
a61a566a9b486ff2d4733f17b90505e6 samba-mysql-3.0.5-1ts.i586.rpm
--
tinysofa Security Team <security at tinysofa dot org>
Content of type "application/pgp-signature" skipped
Powered by blists - more mailing lists