Message-ID: <20041217155750.GA2067@box79162.elkhouse.de>
Date: Fri, 17 Dec 2004 16:57:50 +0100
From: Martin Pitt <martin.pitt@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: bugtraq@...urityfocus.com, full-disclosure@...ts.netsys.com
Subject: [USN-41-1] Samba vulnerability

===========================================================
Ubuntu Security Notice USN-41-1		  December 17, 2004
samba vulnerability
CAN-2004-1154
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

samba

The problem can be corrected by upgrading the affected package to
version 3.0.7-1ubuntu6.3. In general, a standard system upgrade is
sufficient to effect the necessary changes.

Details follow:

Greg MacManus discovered an integer overflow in Samba's smbd daemon.
Requesting a very large number of access control descriptors from the
server caused an integer overflow, which resulted in a memory
allocation being too short, thus causing a buffer overflow. By sending
carefully crafted data, an attacker could exploit this to execute
arbitrary code on the server with full root permissions.
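
The size calculation described above, as an added example (not Samba's code and not part of the original notice). The record layout and all function names are hypothetical, and uint32_t models a 32-bit allocation size so the wrap-around is the same on any build host.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical 80-byte record standing in for one access control descriptor. */
struct acl_entry { uint32_t type, flags, mask; uint8_t sid[68]; };
_Static_assert(sizeof(struct acl_entry) == 80, "example assumes 80-byte entries");

/* Flawed pattern: count * size is computed in 32 bits and wraps silently,
 * so a huge client-supplied count yields a tiny byte total. */
uint32_t unchecked_size(uint32_t count)
{
    return count * (uint32_t)sizeof(struct acl_entry);
}

/* Hardened pattern: reject any count whose byte total cannot be represented. */
bool checked_size(uint32_t count, uint32_t *bytes)
{
    if (count > UINT32_MAX / sizeof(struct acl_entry))
        return false;               /* multiplication would overflow */
    *bytes = count * (uint32_t)sizeof(struct acl_entry);
    return true;
}

/* Allocate room for count entries, or return NULL for an unusable count. */
struct acl_entry *alloc_entries(uint32_t count)
{
    uint32_t bytes;
    if (count == 0 || !checked_size(count, &bytes))
        return NULL;
    return malloc(bytes);
}

int main(void)
{
    uint32_t count = 53687092u;     /* constructed: first count that wraps */
    printf("unchecked size for %u entries: %u bytes\n",
           count, unchecked_size(count));
    printf("checked allocation: %s\n",
           alloc_entries(count) ? "allocated" : "rejected");
    return 0;
}
```

With the unchecked calculation the buffer is smaller than a single entry while later code still believes it holds the full count; the checked version rejects the request before anything is allocated.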

