| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: aliz at gentoo.org (Daniel Ahlberg) Subject: GLSA: samba -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - -------------------------------------------------------------------- GENTOO LINUX SECURITY ANNOUNCEMENT 200211-007 - - -------------------------------------------------------------------- PACKAGE : samba SUMMARY : remote root access DATE : 2002-11-21 09:11 UTC EXPLOIT : remote - - -------------------------------------------------------------------- - From 2.2.7 release notes: There was a bug in the length checking for encrypted password change requests from clients. A client could potentially send an encrypted password, which, when decrypted with the old hashed password could be used as a buffer overrun attack on the stack of smbd. The attach would have to be crafted such that converting a DOS codepage string to little endian UCS2 unicode would translate into an executable block of code. Read the full release notes at http://se.samba.org/samba/whatsnew/samba-2.2.7.html SOLUTION It is recommended that all Gentoo Linux users who are running net-fs/samba-2.2.5-r1 and earlier update their systems as follows: emerge rsync emerge samba emerge clean - - -------------------------------------------------------------------- aliz@...too.org - GnuPG key is available at www.gentoo.org/~aliz woodchip@...too.org - - -------------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE93KKCfT7nyhUpoZMRAoZeAKCb7Jdu+glo0BIN3wq4+cDSbmQLKACgnbaY 2+7FwJUYxYALLzhRpckJuNE= =PWpJ -----END PGP SIGNATURE-----
Powered by blists - more mailing lists