lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20030409084413.2748E33A82@mail1.tamperd.net> From: aliz at gentoo.org (Daniel Ahlberg) Subject: GLSA: samba (200304-02) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - --------------------------------------------------------------------- GENTOO LINUX SECURITY ANNOUNCEMENT 200304-02 - - --------------------------------------------------------------------- PACKAGE : samba SUMMARY : Buffer overflow DATE : 2003-04-09 08:44 UTC EXPLOIT : remote VERSIONS AFFECTED : <2.2.8a FIXED VERSION : >=2.2.8a CVE : CAN-2003-0201 - - --------------------------------------------------------------------- - From advisory: "An anonymous user can gain remote root access due to a buffer overflow caused by a StrnCpy() into a char array (fname) using a non-constant length (namelen)." Read the full advisory at: http://marc.theaimsgroup.com/?l=bugtraq&m=104972664226781&w=2 SOLUTION It is recommended that all Gentoo Linux users who are running net-fs/samba upgrade to samba-2.2.8a as follows: emerge sync emerge samba emerge clean - - --------------------------------------------------------------------- aliz@...too.org - GnuPG key is available at http://cvs.gentoo.org/~aliz - - --------------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQE+k91YfT7nyhUpoZMRAtowAKDAgOYrqeXDRilQkDN/SBXJegJ6RgCgsSRV ni8x1vst4U3vttassFEdpfA= =wFgE -----END PGP SIGNATURE-----