lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20050307144755.A750@caldera.com>
Date: Mon, 7 Mar 2005 14:47:55 -0800
From: please_reply_to_security@....com
To: security-announce@...t.sco.com, bugtraq@...urityfocus.com,
	full-disclosure@...ts.netsys.com
Subject: UnixWare 7.1.4 : Samba multiple security issues



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



______________________________________________________________________________

			SCO Security Advisory

Subject:		UnixWare 7.1.4 : Samba multiple security issues
Advisory number: 	SCOSA-2005.17
Issue date: 		2005 February 11
Cross reference:	sr892475 fz530644 erg712754 sr892165 fz530486 erg712735 CAN-2004-0930 CAN-2004-0882 CAN-2004-1154
______________________________________________________________________________


1. Problem Description

	Samba provides file and print services to windows clients.
	Several security issues are fixed by this patch. 

	The ms_fnmatch function in Samba 3.0.4 and 3.0.7 and possibly
	other versions allows remote authenticated users to cause
	a denial of service (CPU consumption) via a SAMBA request
	that contains multiple SCOSA-2005.17.in SCOSA-2005.17.txt
	samba.pkg (wildcard) characters. 

	The Common Vulnerabilities and Exposures project (cve.mitre.org) 
	has assigned the name CAN-2004-0930 to this issue. 

	Buffer overflow in the QFILEPATHINFO request handler in Samba 
	3.0.x through 3.0.7 may allow remote attackers to execute 
	arbitrary code via a TRANSACT2_QFILEPATHINFO request with 
	a small "maximum data bytes" value. 

	The Common Vulnerabilities and Exposures project (cve.mitre.org) 
	has assigned the name CAN-2004-0882 to this issue. 

	Integer overflow in the Samba daemon (smbd) in Samba 2.x and 
	3.0.x through 3.0.9 allows remote authenticated users to cause 
	a denial of service (application crash) and possibly execute 
	arbitrary code via a Samba request with a large number of 
	security descriptors that triggers a heap-based buffer overflow. 

	The Common Vulnerabilities and Exposures project (cve.mitre.org) 
	has assigned the name CAN-2004-1154 to this issue.


2. Vulnerable Supported Versions

	System				Binaries
	----------------------------------------------------------------------
	UnixWare 7.1.4 			distribution	

3. Solution

	The proper solution is to install the latest packages.

4. UnixWare 7.1.4

	4.1 Location of Fixed Binaries

	ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.17

	The fixes are also available in SCO UnixWare 7.1.4 Mantenance Pack 2

        http://www.sco.com/support/update/download/release.php?rid=58

	4.2 Verification

	MD5 (samba.pkg) = 95a6af2eb579624623ff0ceddc9e8c09

	or
	
	MD5 (uw714mp2.iso) = 335919be68f54253852cb8abca11814a

	md5 is available for download from
		ftp://ftp.sco.com/pub/security/tools

	4.3 Installing Fixed Binaries

	Upgrade the affected binaries with the following sequence:

	Download samba.pkg to the /var/spool/pkg directory

	# pkgadd -d /var/spool/pkg/samba.pkg

	or

        See ftp://ftp.sco.com/pub/unixware7/714/mp/mp2/uw714mp2.txt


5. References

	Specific references for this advisory:
		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0930 
		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0882 
		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1154

	SCO security resources:
		http://www.sco.com/support/security/index.html

	SCO security advisories via email
		http://www.sco.com/support/forums/security.html

	This security fix closes SCO incidents sr892475 fz530644
	erg712754 sr892165 fz530486 erg712735.


6. Disclaimer

	SCO is not responsible for the misuse of any of the information
	we provide on this website and/or through our security
	advisories. Our advisories are a service to our customers
	intended to promote secure installation and use of SCO
	products.


7. Acknowledgments

	SCO would like to thank Karol Wiesek, Stefan Esser, and Greg MacManus.

______________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (SCO/UNIX_SVR5)

iD8DBQFCI3DQaqoBO7ipriERAn37AJ0a1r/VkENTW7Z+6Ljg40vQb2Vh2ACeICbV
RFqsA9B8HmBMEJAP9xVdojY=
=S89A
-----END PGP SIGNATURE-----


Powered by blists - more mailing lists