lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
From: MarkC at mtbaker.wednet.edu (Mark Challender)
Subject: FW: FreeBSD Security Notice FreeBSD-SN-03:01

Georgi,

Can I borrow your crystal ball?
==========================
you wrote:

Fine opinion about war and m$, but the statement
"OpenBSD, which does not develop as many products as Microsoft, says only
one 
vulnerability or hole has been found in its software in the past seven
years"
is untrue.

Georgi
===========================


Mark Challender
Network Administrator

Are you sending out a virus hoax?
Check the website below and be sure.

http://vil.nai.com/VIL/hoaxes.asp



-----Original Message-----
From: FreeBSD Security Advisories
[mailto:security-advisories@...ebsd.org]
Sent: Monday, April 07, 2003 6:42 AM
To: FreeBSD Security Advisories
Subject: [Full-Disclosure] FreeBSD Security Notice FreeBSD-SN-03:01


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

============================================================================
=
FreeBSD-SN-03:01                                              Security
Notice
                                                          The FreeBSD
Project

Topic:          security issue in samba ports
Announced:      2003-04-07

I.   Introduction

Several ports in the FreeBSD Ports Collection are affected by security
issues.  These are listed below with references and affected versions.
All versions given refer to the FreeBSD port/package version numbers.
The listed vulnerabilities are not specific to FreeBSD unless
otherwise noted.

These ports are not installed by default, nor are they ``part of
FreeBSD'' as such.  The FreeBSD Ports Collection contains thousands of
third-party applications in a ready-to-install format.  FreeBSD makes
no claim about the security of these third-party applications.  See
<URL:http://www.freebsd.org/ports/> for more information about the
FreeBSD Ports Collection.

II.  Ports

+------------------------------------------------------------------------+
Port name:      net/samba
Affected:       versions < samba-2.2.8_2, samba-2.2.8a
Status:         Fixed

Two vulnerabilities recently:

(1) Sebastian Krahmer of the SuSE Security Team identified
vulnerabilities that could lead to arbitrary code execution as root,
as well as a race condition that could allow overwriting of system
files.  (This vulnerability was previously fixed in Samba 2.2.8.)

(2) Digital Defense, Inc. reports: ``This vulnerability, if exploited
correctly, leads to an anonymous user gaining root access on a Samba
serving system. All versions of Samba up to and including Samba 2.2.8
are vulnerable. Alpha versions of Samba 3.0 and above are *NOT*
vulnerable.''

<URL: http://us1.samba.org/samba/whatsnew/samba-2.2.8.html >
<URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0085 >
<URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0086 >
<URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0196 >
<URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0201 >
+------------------------------------------------------------------------+
Port name:      net/samba-tng
Affected:       all versions
Status:         Not fixed

Some or all of the vulnerabilities affecting Samba may also affect
Samba-TNG.  No confirmation or official patches are available at the
time of this security notice.
+------------------------------------------------------------------------+

III. Upgrading Ports/Packages

To upgrade a fixed port/package, perform one of the following:

1) Upgrade your Ports Collection and rebuild and reinstall the port.
Several tools are available in the Ports Collection to make this
easier.  See:
  /usr/ports/devel/portcheckout
  /usr/ports/misc/porteasy
  /usr/ports/sysutils/portupgrade

2) Deinstall the old package and install a new package obtained from

[FreeBSD 4.x, i386]
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/All/

[FreeBSD 5.x, i386]
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/All/

Packages are not automatically generated for other architectures at
this time.

Note that new, official packages may not be available on all mirrors
immediately.  In the interim, Security Officer-generated packages (and
detached digital signatures) are available for the i386 architecture
at:

[FreeBSD 4.x, i386]
ftp://ftp2.FreeBSD.org/pub/FreeBSD/security-officer/ports/i386/packages-4-st
able/samba-2.2.8_2.tgz
ftp://ftp2.FreeBSD.org/pub/FreeBSD/security-officer/ports/i386/packages-4-st
able/samba-2.2.8_2.tgz.asc

[FreeBSD 5.x]
ftp://ftp2.FreeBSD.org/pub/FreeBSD/security-officer/ports/i386/packages-5-cu
rrent/samba-2.2.8_2.tbz
ftp://ftp2.FreeBSD.org/pub/FreeBSD/security-officer/ports/i386/packages-5-cu
rrent/samba-2.2.8_2.tbz.asc


+------------------------------------------------------------------------+
FreeBSD Security Notices are communications from the Security Officer
intended to inform the user community about potential security issues,
such as bugs in the third-party applications found in the Ports
Collection, which will not be addressed in a FreeBSD Security
Advisory.

Feedback on Security Notices is welcome at <security-team@...eBSD.org>.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (FreeBSD)

iD8DBQE+kX+vFdaIBMps37IRAtkmAJ4ruhx4WQLeSPSPgfmzrVW4uYvVJACfRxem
4q3eO8IxTujzRR2QwH4eyK4=
=/4KW
-----END PGP SIGNATURE-----
_______________________________________________
freebsd-security-notifications@...ebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security-notifications
To unsubscribe, send any mail to
"freebsd-security-notifications-unsubscribe@...ebsd.org"

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Powered by blists - more mailing lists