lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1HnluV-00006O-Kq@artemis.annvix.ca>
Date: Mon, 14 May 2007 19:33:07 -0600
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDKSA-2007:104 ] - Updated samba packages fix multiple vulnerabilities


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2007:104
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : samba
 Date    : May 14, 2007
 Affected: 2007.0, 2007.1, Corporate 3.0, Corporate 4.0
 _______________________________________________________________________
 
 Problem Description:
 
 A number of bugs were discovered in the NDR parsing support in Samba
 that is used to decode MS-RPC requests.  A remote attacker could
 send a carefully crafted request that would cause a heap overflow,
 possibly leading to the ability to execute arbitrary code on the server
 (CVE-2007-2446).
 
 A remote authenticated user could trigger a flaw where unescaped
 user input parameters were being passed as arguments to /bin/sh
 (CVE-2007-2447).
 
 Finally, on Samba 3.0.23d and higher, when Samba translated SID to/from
 name using the Samba local list of user and group accounts, a logic
 error in smbd's internal security stack could result in a transition
 to the root user id rather than the non-root user (CVE-2007-2444).
 
 Updated packages have been patched to prevent these issues.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2444
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2446
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2447
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2007.0:
 716c24151950b961e92f04774ffcdc8b  2007.0/i586/libsmbclient0-3.0.23d-2.2mdv2007.0.i586.rpm
 37b2a7d648f978ddd77f0a2923574796  2007.0/i586/libsmbclient0-devel-3.0.23d-2.2mdv2007.0.i586.rpm
 58f635fbece6d6f6d9f20f5c2290a434  2007.0/i586/libsmbclient0-static-devel-3.0.23d-2.2mdv2007.0.i586.rpm
 558a952ec8b1d38018dc173b6e280c4c  2007.0/i586/mount-cifs-3.0.23d-2.2mdv2007.0.i586.rpm
 92ea3af774e3369df5c2f0d3c58ac6c8  2007.0/i586/nss_wins-3.0.23d-2.2mdv2007.0.i586.rpm
 f122d0ef61377515c177d1d46e0663e0  2007.0/i586/samba-client-3.0.23d-2.2mdv2007.0.i586.rpm
 87c4ca9934dfe96e8567188ec77ab43f  2007.0/i586/samba-common-3.0.23d-2.2mdv2007.0.i586.rpm
 8b9260e5c5b1a9450147a4e703a06216  2007.0/i586/samba-doc-3.0.23d-2.2mdv2007.0.i586.rpm
 ac376f31a30f81045807e0106135d49e  2007.0/i586/samba-server-3.0.23d-2.2mdv2007.0.i586.rpm
 a50d23f088e7aa8d1ab220c1c23f8a7b  2007.0/i586/samba-smbldap-tools-3.0.23d-2.2mdv2007.0.i586.rpm
 c0b4d1199b4a0eeb3b2d59e00cae62a2  2007.0/i586/samba-swat-3.0.23d-2.2mdv2007.0.i586.rpm
 c121f0fc1e20a66a619a81e92f1a1292  2007.0/i586/samba-vscan-clamav-3.0.23d-2.2mdv2007.0.i586.rpm
 7ce43909e6c9ad79b99d10d01ace725b  2007.0/i586/samba-vscan-icap-3.0.23d-2.2mdv2007.0.i586.rpm
 f1cab6002edd2f55998207cb2798735a  2007.0/i586/samba-winbind-3.0.23d-2.2mdv2007.0.i586.rpm 
 d8cc001c31fa74a3d0dc647a9a2d6189  2007.0/SRPMS/samba-3.0.23d-2.2mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 7a094868bac43abebad6993b00b43f4c  2007.0/x86_64/lib64smbclient0-3.0.23d-2.2mdv2007.0.x86_64.rpm
 46c45ca8e41c5d241d91242f5146cd21  2007.0/x86_64/lib64smbclient0-devel-3.0.23d-2.2mdv2007.0.x86_64.rpm
 daa5d378284085626a31ea86c88ddbb5  2007.0/x86_64/lib64smbclient0-static-devel-3.0.23d-2.2mdv2007.0.x86_64.rpm
 39244d59b424c5dd6730a8692dd58a69  2007.0/x86_64/mount-cifs-3.0.23d-2.2mdv2007.0.x86_64.rpm
 0f2ea2f1e2c49d5876d818c4fb717a42  2007.0/x86_64/nss_wins-3.0.23d-2.2mdv2007.0.x86_64.rpm
 299fb441d1f30a5bf4880e69ab4c567a  2007.0/x86_64/samba-client-3.0.23d-2.2mdv2007.0.x86_64.rpm
 de23ae0b37c03f48b5bec4eec8feec21  2007.0/x86_64/samba-common-3.0.23d-2.2mdv2007.0.x86_64.rpm
 b6108c29c471a1f875724b2369ec3730  2007.0/x86_64/samba-doc-3.0.23d-2.2mdv2007.0.x86_64.rpm
 fefb223546ff75104bc8a225dd976a3a  2007.0/x86_64/samba-server-3.0.23d-2.2mdv2007.0.x86_64.rpm
 c5b96ac8a2c86cf35c825aab7591e0b8  2007.0/x86_64/samba-smbldap-tools-3.0.23d-2.2mdv2007.0.x86_64.rpm
 946afeb5a642166c5f6c37c597442d35  2007.0/x86_64/samba-swat-3.0.23d-2.2mdv2007.0.x86_64.rpm
 ade5c3ae808ecd0b33fbb2a951e7a7ca  2007.0/x86_64/samba-vscan-clamav-3.0.23d-2.2mdv2007.0.x86_64.rpm
 174447d8ff5a59b41601513a0d66f6b4  2007.0/x86_64/samba-vscan-icap-3.0.23d-2.2mdv2007.0.x86_64.rpm
 a2d974c2ff6b1370a33b0611218e5570  2007.0/x86_64/samba-winbind-3.0.23d-2.2mdv2007.0.x86_64.rpm 
 d8cc001c31fa74a3d0dc647a9a2d6189  2007.0/SRPMS/samba-3.0.23d-2.2mdv2007.0.src.rpm

 Mandriva Linux 2007.1:
 bf574b4d76cc3991dcdf9d2be9ab58d1  2007.1/i586/libsmbclient0-3.0.24-2.1mdv2007.1.i586.rpm
 b7a54d41b0531a6064c5f35bf8dee5ab  2007.1/i586/libsmbclient0-devel-3.0.24-2.1mdv2007.1.i586.rpm
 807fed678863d222c06aefec93bbb538  2007.1/i586/libsmbclient0-static-devel-3.0.24-2.1mdv2007.1.i586.rpm
 577de11ee8ae9944dee0a2b5de593665  2007.1/i586/mount-cifs-3.0.24-2.1mdv2007.1.i586.rpm
 59a9a0c949ea7dbc89eb2475069052bf  2007.1/i586/nss_wins-3.0.24-2.1mdv2007.1.i586.rpm
 e2654e387665df343f0801834ebbd294  2007.1/i586/samba-client-3.0.24-2.1mdv2007.1.i586.rpm
 d43219197f1405d9d080b4f3dacec700  2007.1/i586/samba-common-3.0.24-2.1mdv2007.1.i586.rpm
 ec6fc2d887956afc749c2ed07e8ee31c  2007.1/i586/samba-doc-3.0.24-2.1mdv2007.1.i586.rpm
 a87c7d0f1e55d6dd7a6e729484fa4925  2007.1/i586/samba-server-3.0.24-2.1mdv2007.1.i586.rpm
 bf9c304bf3bf63de01c9360e62ff2f8e  2007.1/i586/samba-smbldap-tools-3.0.24-2.1mdv2007.1.i586.rpm
 4e1d0ced36437220533ccf9659c8b128  2007.1/i586/samba-swat-3.0.24-2.1mdv2007.1.i586.rpm
 93dd30107a51fd3ebbc20542ebc70645  2007.1/i586/samba-vscan-clamav-3.0.24-2.1mdv2007.1.i586.rpm
 19624853fa80ac156a0b2d60a861aaa7  2007.1/i586/samba-vscan-icap-3.0.24-2.1mdv2007.1.i586.rpm
 46115b16c64571992ff208774e19893a  2007.1/i586/samba-winbind-3.0.24-2.1mdv2007.1.i586.rpm 
 f0f8263be6721cb1657a21e1c2badb07  2007.1/SRPMS/samba-3.0.24-2.1mdv2007.1.src.rpm

 Mandriva Linux 2007.1/X86_64:
 522559cab51ca5918c7ff81ab636ff41  2007.1/x86_64/lib64smbclient0-3.0.24-2.1mdv2007.1.x86_64.rpm
 ab01dc898deaa66dedd7ca50adc14f5c  2007.1/x86_64/lib64smbclient0-devel-3.0.24-2.1mdv2007.1.x86_64.rpm
 71ace63b0f173b1eb861957434defdc3  2007.1/x86_64/lib64smbclient0-static-devel-3.0.24-2.1mdv2007.1.x86_64.rpm
 a14fcc0cc6b52feb401e54cdb09c68c2  2007.1/x86_64/mount-cifs-3.0.24-2.1mdv2007.1.x86_64.rpm
 e48d3f6c3eea5678c816d7478d1d63e4  2007.1/x86_64/nss_wins-3.0.24-2.1mdv2007.1.x86_64.rpm
 2ab270757b1e482162deb305795e2ad0  2007.1/x86_64/samba-client-3.0.24-2.1mdv2007.1.x86_64.rpm
 90825c20d28b44162b1fa466004e39e5  2007.1/x86_64/samba-common-3.0.24-2.1mdv2007.1.x86_64.rpm
 923e7b8feba039fb82e6303f49a8b0ec  2007.1/x86_64/samba-doc-3.0.24-2.1mdv2007.1.x86_64.rpm
 d721f5eefb05767b9a98ac1eceedcebe  2007.1/x86_64/samba-server-3.0.24-2.1mdv2007.1.x86_64.rpm
 1d928cfcee337d20284a0d5a4ffc5dab  2007.1/x86_64/samba-smbldap-tools-3.0.24-2.1mdv2007.1.x86_64.rpm
 453bc9c6e403e054bcdaf91f2db44b29  2007.1/x86_64/samba-swat-3.0.24-2.1mdv2007.1.x86_64.rpm
 1357990588553f4f2be6ad833818b676  2007.1/x86_64/samba-vscan-clamav-3.0.24-2.1mdv2007.1.x86_64.rpm
 196a90cc6d15be3d3b83c70b1d48114b  2007.1/x86_64/samba-vscan-icap-3.0.24-2.1mdv2007.1.x86_64.rpm
 3470ca06997ea588279435b0d8a01b72  2007.1/x86_64/samba-winbind-3.0.24-2.1mdv2007.1.x86_64.rpm 
 f0f8263be6721cb1657a21e1c2badb07  2007.1/SRPMS/samba-3.0.24-2.1mdv2007.1.src.rpm

 Corporate 3.0:
 995cae5210de2b7ad173253fe2134655  corporate/3.0/i586/libsmbclient0-3.0.14a-6.4.C30mdk.i586.rpm
 e6f7c354387686d7adf96befdd3cdd35  corporate/3.0/i586/libsmbclient0-devel-3.0.14a-6.4.C30mdk.i586.rpm
 f0056950bdb3e59f861f13158e4a563d  corporate/3.0/i586/libsmbclient0-static-devel-3.0.14a-6.4.C30mdk.i586.rpm
 965c2431630699585046187468866fa9  corporate/3.0/i586/mount-cifs-3.0.14a-6.4.C30mdk.i586.rpm
 706323613606d437aca6d8deb6c1be74  corporate/3.0/i586/nss_wins-3.0.14a-6.4.C30mdk.i586.rpm
 30a2f2eeb35f0db68700328253c6ae8b  corporate/3.0/i586/samba-client-3.0.14a-6.4.C30mdk.i586.rpm
 067eeac5a08fec8afe0beeda3a875a04  corporate/3.0/i586/samba-common-3.0.14a-6.4.C30mdk.i586.rpm
 b4ed331cdf937c798f725ce852b4cd03  corporate/3.0/i586/samba-doc-3.0.14a-6.4.C30mdk.i586.rpm
 9dd10ad8958bce4182d362e64f43a4f5  corporate/3.0/i586/samba-passdb-xml-3.0.14a-6.4.C30mdk.i586.rpm
 2281e0434ddabc3624ec1ebc1497151d  corporate/3.0/i586/samba-server-3.0.14a-6.4.C30mdk.i586.rpm
 6c8ee9c505f34996ea42d638b3f77875  corporate/3.0/i586/samba-smbldap-tools-3.0.14a-6.4.C30mdk.i586.rpm
 0a22a2881f65ded15a08870863328ea8  corporate/3.0/i586/samba-swat-3.0.14a-6.4.C30mdk.i586.rpm
 bbed2c9e1f45645c38c81461329dac03  corporate/3.0/i586/samba-vscan-antivir-3.0.14a-6.4.C30mdk.i586.rpm
 a33a0951ff63f3518940a59cd258e6e5  corporate/3.0/i586/samba-vscan-clamav-3.0.14a-6.4.C30mdk.i586.rpm
 948b6e731178caaa4a1e85c017d49390  corporate/3.0/i586/samba-vscan-icap-3.0.14a-6.4.C30mdk.i586.rpm
 c73c90da1421a4050d7d94924fdca0ad  corporate/3.0/i586/samba-winbind-3.0.14a-6.4.C30mdk.i586.rpm 
 85543e78e50c609d0d6813f1644d549a  corporate/3.0/SRPMS/samba-3.0.14a-6.4.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 bdd42fc080fd06f80b8677cdeea8db4a  corporate/3.0/x86_64/lib64smbclient0-3.0.14a-6.4.C30mdk.x86_64.rpm
 0b230d9d5dd5551793aaa6080a1d584a  corporate/3.0/x86_64/lib64smbclient0-devel-3.0.14a-6.4.C30mdk.x86_64.rpm
 c367d1f86447f1ebe213952c65488eff  corporate/3.0/x86_64/lib64smbclient0-static-devel-3.0.14a-6.4.C30mdk.x86_64.rpm
 c2e476ddc9321ffc606a1ede130805aa  corporate/3.0/x86_64/mount-cifs-3.0.14a-6.4.C30mdk.x86_64.rpm
 1fdbbc19d3267564b17a6412f90429e7  corporate/3.0/x86_64/nss_wins-3.0.14a-6.4.C30mdk.x86_64.rpm
 a2b0905803d6cdd426dbc8317d0160c3  corporate/3.0/x86_64/samba-client-3.0.14a-6.4.C30mdk.x86_64.rpm
 006f8b863211d9ad1319df7343af5791  corporate/3.0/x86_64/samba-common-3.0.14a-6.4.C30mdk.x86_64.rpm
 c4626c0d3ef34bf73d11a50374a93042  corporate/3.0/x86_64/samba-doc-3.0.14a-6.4.C30mdk.x86_64.rpm
 80566b162283919f89fb24d7e1ff33f3  corporate/3.0/x86_64/samba-passdb-xml-3.0.14a-6.4.C30mdk.x86_64.rpm
 2606f629953a588a36a838a7f573ce46  corporate/3.0/x86_64/samba-server-3.0.14a-6.4.C30mdk.x86_64.rpm
 81cfab423bf2a1929fc654b314e00110  corporate/3.0/x86_64/samba-smbldap-tools-3.0.14a-6.4.C30mdk.x86_64.rpm
 f14fb5203ff8950cec6b4350ae380057  corporate/3.0/x86_64/samba-swat-3.0.14a-6.4.C30mdk.x86_64.rpm
 b5c8a672f35167ddd038244261e4ecfc  corporate/3.0/x86_64/samba-vscan-antivir-3.0.14a-6.4.C30mdk.x86_64.rpm
 29611d3c4a0d8fc765f669ab7f3c6b8a  corporate/3.0/x86_64/samba-vscan-clamav-3.0.14a-6.4.C30mdk.x86_64.rpm
 9cc826c3b42dda8d77213aa464e251b7  corporate/3.0/x86_64/samba-vscan-icap-3.0.14a-6.4.C30mdk.x86_64.rpm
 81f5972b2adddfbe95462219d98352cc  corporate/3.0/x86_64/samba-winbind-3.0.14a-6.4.C30mdk.x86_64.rpm 
 85543e78e50c609d0d6813f1644d549a  corporate/3.0/SRPMS/samba-3.0.14a-6.4.C30mdk.src.rpm

 Corporate 4.0:
 43b8e45e184d19d0f39a9660b457ef87  corporate/4.0/i586/libsmbclient0-3.0.23a-2.2.20060mlcs4.i586.rpm
 024a9960b85f7bfeca6b3f405d008672  corporate/4.0/i586/libsmbclient0-devel-3.0.23a-2.2.20060mlcs4.i586.rpm
 5fbbafbb0ac6644008272588759d3c46  corporate/4.0/i586/libsmbclient0-static-devel-3.0.23a-2.2.20060mlcs4.i586.rpm
 9e8663592564b499f2345dc14db8b3c7  corporate/4.0/i586/mount-cifs-3.0.23a-2.2.20060mlcs4.i586.rpm
 0a717f590d7cd0a0381aab40b74df735  corporate/4.0/i586/nss_wins-3.0.23a-2.2.20060mlcs4.i586.rpm
 f73fffbbf89d4ec641cebc02c1084483  corporate/4.0/i586/samba-client-3.0.23a-2.2.20060mlcs4.i586.rpm
 35f8aecc5ccd416bd8a43c3bb3b7b414  corporate/4.0/i586/samba-common-3.0.23a-2.2.20060mlcs4.i586.rpm
 ef40a42a9c88c4135e40ee4147574499  corporate/4.0/i586/samba-doc-3.0.23a-2.2.20060mlcs4.i586.rpm
 6287e9938ed5445f51b25019a4ec2b27  corporate/4.0/i586/samba-server-3.0.23a-2.2.20060mlcs4.i586.rpm
 23c8bba6255c83b544b0193a3bcf71a5  corporate/4.0/i586/samba-smbldap-tools-3.0.23a-2.2.20060mlcs4.i586.rpm
 a94136a20bff5043ac7a208b3bf2db4a  corporate/4.0/i586/samba-swat-3.0.23a-2.2.20060mlcs4.i586.rpm
 2a6d089568b70cb38a440f04f848ceba  corporate/4.0/i586/samba-test-3.0.23a-2.2.20060mlcs4.i586.rpm
 ffe43c22a67cc8ce50e618846332cc2e  corporate/4.0/i586/samba-vscan-clamav-3.0.23a-2.2.20060mlcs4.i586.rpm
 94975d4800000e2fd5bb8f429b9d3146  corporate/4.0/i586/samba-vscan-icap-3.0.23a-2.2.20060mlcs4.i586.rpm
 94bc940bdc2a088d2befd246e4d7891e  corporate/4.0/i586/samba-winbind-3.0.23a-2.2.20060mlcs4.i586.rpm 
 f1b9c38d8e00d7f455d3dd248dcff0eb  corporate/4.0/SRPMS/samba-3.0.23a-2.2.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 92134a011d2c5d976dae94fab367e45f  corporate/4.0/x86_64/lib64smbclient0-3.0.23a-2.2.20060mlcs4.x86_64.rpm
 060fc55e7de7387038ef33644ced7ff3  corporate/4.0/x86_64/lib64smbclient0-devel-3.0.23a-2.2.20060mlcs4.x86_64.rpm
 8e11d3db9f389ad4e88f492c22304817  corporate/4.0/x86_64/lib64smbclient0-static-devel-3.0.23a-2.2.20060mlcs4.x86_64.rpm
 9655f204077987366947e25e6b45e0ca  corporate/4.0/x86_64/mount-cifs-3.0.23a-2.2.20060mlcs4.x86_64.rpm
 6f7c336eb89d497d9df3b31f0c21ba49  corporate/4.0/x86_64/nss_wins-3.0.23a-2.2.20060mlcs4.x86_64.rpm
 e83e84a2a639d6f62b57cd4c14b8275f  corporate/4.0/x86_64/samba-client-3.0.23a-2.2.20060mlcs4.x86_64.rpm
 3d5a6ba40d0dab131f2e1da1717d4782  corporate/4.0/x86_64/samba-common-3.0.23a-2.2.20060mlcs4.x86_64.rpm
 679c7185e7d41c2b4290689fb1e049a7  corporate/4.0/x86_64/samba-doc-3.0.23a-2.2.20060mlcs4.x86_64.rpm
 57118fa57372900f96f682990d4578ef  corporate/4.0/x86_64/samba-server-3.0.23a-2.2.20060mlcs4.x86_64.rpm
 0fb7dafcb4b7b2cfe2e8a83f9f8f8593  corporate/4.0/x86_64/samba-smbldap-tools-3.0.23a-2.2.20060mlcs4.x86_64.rpm
 d24486957a79dfc4ff150190c464d83a  corporate/4.0/x86_64/samba-swat-3.0.23a-2.2.20060mlcs4.x86_64.rpm
 46f5df9097483a7487aee5a0cf56d04f  corporate/4.0/x86_64/samba-test-3.0.23a-2.2.20060mlcs4.x86_64.rpm
 ad445e9d14b03ce516d24b677c9fe9bb  corporate/4.0/x86_64/samba-vscan-clamav-3.0.23a-2.2.20060mlcs4.x86_64.rpm
 3d3e5c87b95ad5f6e99664507707440f  corporate/4.0/x86_64/samba-vscan-icap-3.0.23a-2.2.20060mlcs4.x86_64.rpm
 5dcf6bbccade0abdc0a82fbd1087a2f0  corporate/4.0/x86_64/samba-winbind-3.0.23a-2.2.20060mlcs4.x86_64.rpm 
 f1b9c38d8e00d7f455d3dd248dcff0eb  corporate/4.0/SRPMS/samba-3.0.23a-2.2.20060mlcs4.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGSOJRmqjQ0CJFipgRAgXhAJ4vX88s33DgYl4sNxofRKMfcAB+QACfW6rs
HXSDGo5kcDXz1BXMq2POWy8=
=S/cx
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ