| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 14 May 2007 19:33:07 -0600 From: security@...driva.com To: full-disclosure@...ts.grok.org.uk Subject: [ MDKSA-2007:104 ] - Updated samba packages fix multiple vulnerabilities -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDKSA-2007:104 http://www.mandriva.com/security/ _______________________________________________________________________ Package : samba Date : May 14, 2007 Affected: 2007.0, 2007.1, Corporate 3.0, Corporate 4.0 _______________________________________________________________________ Problem Description: A number of bugs were discovered in the NDR parsing support in Samba that is used to decode MS-RPC requests. A remote attacker could send a carefully crafted request that would cause a heap overflow, possibly leading to the ability to execute arbitrary code on the server (CVE-2007-2446). A remote authenticated user could trigger a flaw where unescaped user input parameters were being passed as arguments to /bin/sh (CVE-2007-2447). Finally, on Samba 3.0.23d and higher, when Samba translated SID to/from name using the Samba local list of user and group accounts, a logic error in smbd's internal security stack could result in a transition to the root user id rather than the non-root user (CVE-2007-2444). Updated packages have been patched to prevent these issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2444 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2446 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2447 _______________________________________________________________________ Updated Packages: Mandriva Linux 2007.0: 716c24151950b961e92f04774ffcdc8b 2007.0/i586/libsmbclient0-3.0.23d-2.2mdv2007.0.i586.rpm 37b2a7d648f978ddd77f0a2923574796 2007.0/i586/libsmbclient0-devel-3.0.23d-2.2mdv2007.0.i586.rpm 58f635fbece6d6f6d9f20f5c2290a434 2007.0/i586/libsmbclient0-static-devel-3.0.23d-2.2mdv2007.0.i586.rpm 558a952ec8b1d38018dc173b6e280c4c 2007.0/i586/mount-cifs-3.0.23d-2.2mdv2007.0.i586.rpm 92ea3af774e3369df5c2f0d3c58ac6c8 2007.0/i586/nss_wins-3.0.23d-2.2mdv2007.0.i586.rpm f122d0ef61377515c177d1d46e0663e0 2007.0/i586/samba-client-3.0.23d-2.2mdv2007.0.i586.rpm 87c4ca9934dfe96e8567188ec77ab43f 2007.0/i586/samba-common-3.0.23d-2.2mdv2007.0.i586.rpm 8b9260e5c5b1a9450147a4e703a06216 2007.0/i586/samba-doc-3.0.23d-2.2mdv2007.0.i586.rpm ac376f31a30f81045807e0106135d49e 2007.0/i586/samba-server-3.0.23d-2.2mdv2007.0.i586.rpm a50d23f088e7aa8d1ab220c1c23f8a7b 2007.0/i586/samba-smbldap-tools-3.0.23d-2.2mdv2007.0.i586.rpm c0b4d1199b4a0eeb3b2d59e00cae62a2 2007.0/i586/samba-swat-3.0.23d-2.2mdv2007.0.i586.rpm c121f0fc1e20a66a619a81e92f1a1292 2007.0/i586/samba-vscan-clamav-3.0.23d-2.2mdv2007.0.i586.rpm 7ce43909e6c9ad79b99d10d01ace725b 2007.0/i586/samba-vscan-icap-3.0.23d-2.2mdv2007.0.i586.rpm f1cab6002edd2f55998207cb2798735a 2007.0/i586/samba-winbind-3.0.23d-2.2mdv2007.0.i586.rpm d8cc001c31fa74a3d0dc647a9a2d6189 2007.0/SRPMS/samba-3.0.23d-2.2mdv2007.0.src.rpm Mandriva Linux 2007.0/X86_64: 7a094868bac43abebad6993b00b43f4c 2007.0/x86_64/lib64smbclient0-3.0.23d-2.2mdv2007.0.x86_64.rpm 46c45ca8e41c5d241d91242f5146cd21 2007.0/x86_64/lib64smbclient0-devel-3.0.23d-2.2mdv2007.0.x86_64.rpm daa5d378284085626a31ea86c88ddbb5 2007.0/x86_64/lib64smbclient0-static-devel-3.0.23d-2.2mdv2007.0.x86_64.rpm 39244d59b424c5dd6730a8692dd58a69 2007.0/x86_64/mount-cifs-3.0.23d-2.2mdv2007.0.x86_64.rpm 0f2ea2f1e2c49d5876d818c4fb717a42 2007.0/x86_64/nss_wins-3.0.23d-2.2mdv2007.0.x86_64.rpm 299fb441d1f30a5bf4880e69ab4c567a 2007.0/x86_64/samba-client-3.0.23d-2.2mdv2007.0.x86_64.rpm de23ae0b37c03f48b5bec4eec8feec21 2007.0/x86_64/samba-common-3.0.23d-2.2mdv2007.0.x86_64.rpm b6108c29c471a1f875724b2369ec3730 2007.0/x86_64/samba-doc-3.0.23d-2.2mdv2007.0.x86_64.rpm fefb223546ff75104bc8a225dd976a3a 2007.0/x86_64/samba-server-3.0.23d-2.2mdv2007.0.x86_64.rpm c5b96ac8a2c86cf35c825aab7591e0b8 2007.0/x86_64/samba-smbldap-tools-3.0.23d-2.2mdv2007.0.x86_64.rpm 946afeb5a642166c5f6c37c597442d35 2007.0/x86_64/samba-swat-3.0.23d-2.2mdv2007.0.x86_64.rpm ade5c3ae808ecd0b33fbb2a951e7a7ca 2007.0/x86_64/samba-vscan-clamav-3.0.23d-2.2mdv2007.0.x86_64.rpm 174447d8ff5a59b41601513a0d66f6b4 2007.0/x86_64/samba-vscan-icap-3.0.23d-2.2mdv2007.0.x86_64.rpm a2d974c2ff6b1370a33b0611218e5570 2007.0/x86_64/samba-winbind-3.0.23d-2.2mdv2007.0.x86_64.rpm d8cc001c31fa74a3d0dc647a9a2d6189 2007.0/SRPMS/samba-3.0.23d-2.2mdv2007.0.src.rpm Mandriva Linux 2007.1: bf574b4d76cc3991dcdf9d2be9ab58d1 2007.1/i586/libsmbclient0-3.0.24-2.1mdv2007.1.i586.rpm b7a54d41b0531a6064c5f35bf8dee5ab 2007.1/i586/libsmbclient0-devel-3.0.24-2.1mdv2007.1.i586.rpm 807fed678863d222c06aefec93bbb538 2007.1/i586/libsmbclient0-static-devel-3.0.24-2.1mdv2007.1.i586.rpm 577de11ee8ae9944dee0a2b5de593665 2007.1/i586/mount-cifs-3.0.24-2.1mdv2007.1.i586.rpm 59a9a0c949ea7dbc89eb2475069052bf 2007.1/i586/nss_wins-3.0.24-2.1mdv2007.1.i586.rpm e2654e387665df343f0801834ebbd294 2007.1/i586/samba-client-3.0.24-2.1mdv2007.1.i586.rpm d43219197f1405d9d080b4f3dacec700 2007.1/i586/samba-common-3.0.24-2.1mdv2007.1.i586.rpm ec6fc2d887956afc749c2ed07e8ee31c 2007.1/i586/samba-doc-3.0.24-2.1mdv2007.1.i586.rpm a87c7d0f1e55d6dd7a6e729484fa4925 2007.1/i586/samba-server-3.0.24-2.1mdv2007.1.i586.rpm bf9c304bf3bf63de01c9360e62ff2f8e 2007.1/i586/samba-smbldap-tools-3.0.24-2.1mdv2007.1.i586.rpm 4e1d0ced36437220533ccf9659c8b128 2007.1/i586/samba-swat-3.0.24-2.1mdv2007.1.i586.rpm 93dd30107a51fd3ebbc20542ebc70645 2007.1/i586/samba-vscan-clamav-3.0.24-2.1mdv2007.1.i586.rpm 19624853fa80ac156a0b2d60a861aaa7 2007.1/i586/samba-vscan-icap-3.0.24-2.1mdv2007.1.i586.rpm 46115b16c64571992ff208774e19893a 2007.1/i586/samba-winbind-3.0.24-2.1mdv2007.1.i586.rpm f0f8263be6721cb1657a21e1c2badb07 2007.1/SRPMS/samba-3.0.24-2.1mdv2007.1.src.rpm Mandriva Linux 2007.1/X86_64: 522559cab51ca5918c7ff81ab636ff41 2007.1/x86_64/lib64smbclient0-3.0.24-2.1mdv2007.1.x86_64.rpm ab01dc898deaa66dedd7ca50adc14f5c 2007.1/x86_64/lib64smbclient0-devel-3.0.24-2.1mdv2007.1.x86_64.rpm 71ace63b0f173b1eb861957434defdc3 2007.1/x86_64/lib64smbclient0-static-devel-3.0.24-2.1mdv2007.1.x86_64.rpm a14fcc0cc6b52feb401e54cdb09c68c2 2007.1/x86_64/mount-cifs-3.0.24-2.1mdv2007.1.x86_64.rpm e48d3f6c3eea5678c816d7478d1d63e4 2007.1/x86_64/nss_wins-3.0.24-2.1mdv2007.1.x86_64.rpm 2ab270757b1e482162deb305795e2ad0 2007.1/x86_64/samba-client-3.0.24-2.1mdv2007.1.x86_64.rpm 90825c20d28b44162b1fa466004e39e5 2007.1/x86_64/samba-common-3.0.24-2.1mdv2007.1.x86_64.rpm 923e7b8feba039fb82e6303f49a8b0ec 2007.1/x86_64/samba-doc-3.0.24-2.1mdv2007.1.x86_64.rpm d721f5eefb05767b9a98ac1eceedcebe 2007.1/x86_64/samba-server-3.0.24-2.1mdv2007.1.x86_64.rpm 1d928cfcee337d20284a0d5a4ffc5dab 2007.1/x86_64/samba-smbldap-tools-3.0.24-2.1mdv2007.1.x86_64.rpm 453bc9c6e403e054bcdaf91f2db44b29 2007.1/x86_64/samba-swat-3.0.24-2.1mdv2007.1.x86_64.rpm 1357990588553f4f2be6ad833818b676 2007.1/x86_64/samba-vscan-clamav-3.0.24-2.1mdv2007.1.x86_64.rpm 196a90cc6d15be3d3b83c70b1d48114b 2007.1/x86_64/samba-vscan-icap-3.0.24-2.1mdv2007.1.x86_64.rpm 3470ca06997ea588279435b0d8a01b72 2007.1/x86_64/samba-winbind-3.0.24-2.1mdv2007.1.x86_64.rpm f0f8263be6721cb1657a21e1c2badb07 2007.1/SRPMS/samba-3.0.24-2.1mdv2007.1.src.rpm Corporate 3.0: 995cae5210de2b7ad173253fe2134655 corporate/3.0/i586/libsmbclient0-3.0.14a-6.4.C30mdk.i586.rpm e6f7c354387686d7adf96befdd3cdd35 corporate/3.0/i586/libsmbclient0-devel-3.0.14a-6.4.C30mdk.i586.rpm f0056950bdb3e59f861f13158e4a563d corporate/3.0/i586/libsmbclient0-static-devel-3.0.14a-6.4.C30mdk.i586.rpm 965c2431630699585046187468866fa9 corporate/3.0/i586/mount-cifs-3.0.14a-6.4.C30mdk.i586.rpm 706323613606d437aca6d8deb6c1be74 corporate/3.0/i586/nss_wins-3.0.14a-6.4.C30mdk.i586.rpm 30a2f2eeb35f0db68700328253c6ae8b corporate/3.0/i586/samba-client-3.0.14a-6.4.C30mdk.i586.rpm 067eeac5a08fec8afe0beeda3a875a04 corporate/3.0/i586/samba-common-3.0.14a-6.4.C30mdk.i586.rpm b4ed331cdf937c798f725ce852b4cd03 corporate/3.0/i586/samba-doc-3.0.14a-6.4.C30mdk.i586.rpm 9dd10ad8958bce4182d362e64f43a4f5 corporate/3.0/i586/samba-passdb-xml-3.0.14a-6.4.C30mdk.i586.rpm 2281e0434ddabc3624ec1ebc1497151d corporate/3.0/i586/samba-server-3.0.14a-6.4.C30mdk.i586.rpm 6c8ee9c505f34996ea42d638b3f77875 corporate/3.0/i586/samba-smbldap-tools-3.0.14a-6.4.C30mdk.i586.rpm 0a22a2881f65ded15a08870863328ea8 corporate/3.0/i586/samba-swat-3.0.14a-6.4.C30mdk.i586.rpm bbed2c9e1f45645c38c81461329dac03 corporate/3.0/i586/samba-vscan-antivir-3.0.14a-6.4.C30mdk.i586.rpm a33a0951ff63f3518940a59cd258e6e5 corporate/3.0/i586/samba-vscan-clamav-3.0.14a-6.4.C30mdk.i586.rpm 948b6e731178caaa4a1e85c017d49390 corporate/3.0/i586/samba-vscan-icap-3.0.14a-6.4.C30mdk.i586.rpm c73c90da1421a4050d7d94924fdca0ad corporate/3.0/i586/samba-winbind-3.0.14a-6.4.C30mdk.i586.rpm 85543e78e50c609d0d6813f1644d549a corporate/3.0/SRPMS/samba-3.0.14a-6.4.C30mdk.src.rpm Corporate 3.0/X86_64: bdd42fc080fd06f80b8677cdeea8db4a corporate/3.0/x86_64/lib64smbclient0-3.0.14a-6.4.C30mdk.x86_64.rpm 0b230d9d5dd5551793aaa6080a1d584a corporate/3.0/x86_64/lib64smbclient0-devel-3.0.14a-6.4.C30mdk.x86_64.rpm c367d1f86447f1ebe213952c65488eff corporate/3.0/x86_64/lib64smbclient0-static-devel-3.0.14a-6.4.C30mdk.x86_64.rpm c2e476ddc9321ffc606a1ede130805aa corporate/3.0/x86_64/mount-cifs-3.0.14a-6.4.C30mdk.x86_64.rpm 1fdbbc19d3267564b17a6412f90429e7 corporate/3.0/x86_64/nss_wins-3.0.14a-6.4.C30mdk.x86_64.rpm a2b0905803d6cdd426dbc8317d0160c3 corporate/3.0/x86_64/samba-client-3.0.14a-6.4.C30mdk.x86_64.rpm 006f8b863211d9ad1319df7343af5791 corporate/3.0/x86_64/samba-common-3.0.14a-6.4.C30mdk.x86_64.rpm c4626c0d3ef34bf73d11a50374a93042 corporate/3.0/x86_64/samba-doc-3.0.14a-6.4.C30mdk.x86_64.rpm 80566b162283919f89fb24d7e1ff33f3 corporate/3.0/x86_64/samba-passdb-xml-3.0.14a-6.4.C30mdk.x86_64.rpm 2606f629953a588a36a838a7f573ce46 corporate/3.0/x86_64/samba-server-3.0.14a-6.4.C30mdk.x86_64.rpm 81cfab423bf2a1929fc654b314e00110 corporate/3.0/x86_64/samba-smbldap-tools-3.0.14a-6.4.C30mdk.x86_64.rpm f14fb5203ff8950cec6b4350ae380057 corporate/3.0/x86_64/samba-swat-3.0.14a-6.4.C30mdk.x86_64.rpm b5c8a672f35167ddd038244261e4ecfc corporate/3.0/x86_64/samba-vscan-antivir-3.0.14a-6.4.C30mdk.x86_64.rpm 29611d3c4a0d8fc765f669ab7f3c6b8a corporate/3.0/x86_64/samba-vscan-clamav-3.0.14a-6.4.C30mdk.x86_64.rpm 9cc826c3b42dda8d77213aa464e251b7 corporate/3.0/x86_64/samba-vscan-icap-3.0.14a-6.4.C30mdk.x86_64.rpm 81f5972b2adddfbe95462219d98352cc corporate/3.0/x86_64/samba-winbind-3.0.14a-6.4.C30mdk.x86_64.rpm 85543e78e50c609d0d6813f1644d549a corporate/3.0/SRPMS/samba-3.0.14a-6.4.C30mdk.src.rpm Corporate 4.0: 43b8e45e184d19d0f39a9660b457ef87 corporate/4.0/i586/libsmbclient0-3.0.23a-2.2.20060mlcs4.i586.rpm 024a9960b85f7bfeca6b3f405d008672 corporate/4.0/i586/libsmbclient0-devel-3.0.23a-2.2.20060mlcs4.i586.rpm 5fbbafbb0ac6644008272588759d3c46 corporate/4.0/i586/libsmbclient0-static-devel-3.0.23a-2.2.20060mlcs4.i586.rpm 9e8663592564b499f2345dc14db8b3c7 corporate/4.0/i586/mount-cifs-3.0.23a-2.2.20060mlcs4.i586.rpm 0a717f590d7cd0a0381aab40b74df735 corporate/4.0/i586/nss_wins-3.0.23a-2.2.20060mlcs4.i586.rpm f73fffbbf89d4ec641cebc02c1084483 corporate/4.0/i586/samba-client-3.0.23a-2.2.20060mlcs4.i586.rpm 35f8aecc5ccd416bd8a43c3bb3b7b414 corporate/4.0/i586/samba-common-3.0.23a-2.2.20060mlcs4.i586.rpm ef40a42a9c88c4135e40ee4147574499 corporate/4.0/i586/samba-doc-3.0.23a-2.2.20060mlcs4.i586.rpm 6287e9938ed5445f51b25019a4ec2b27 corporate/4.0/i586/samba-server-3.0.23a-2.2.20060mlcs4.i586.rpm 23c8bba6255c83b544b0193a3bcf71a5 corporate/4.0/i586/samba-smbldap-tools-3.0.23a-2.2.20060mlcs4.i586.rpm a94136a20bff5043ac7a208b3bf2db4a corporate/4.0/i586/samba-swat-3.0.23a-2.2.20060mlcs4.i586.rpm 2a6d089568b70cb38a440f04f848ceba corporate/4.0/i586/samba-test-3.0.23a-2.2.20060mlcs4.i586.rpm ffe43c22a67cc8ce50e618846332cc2e corporate/4.0/i586/samba-vscan-clamav-3.0.23a-2.2.20060mlcs4.i586.rpm 94975d4800000e2fd5bb8f429b9d3146 corporate/4.0/i586/samba-vscan-icap-3.0.23a-2.2.20060mlcs4.i586.rpm 94bc940bdc2a088d2befd246e4d7891e corporate/4.0/i586/samba-winbind-3.0.23a-2.2.20060mlcs4.i586.rpm f1b9c38d8e00d7f455d3dd248dcff0eb corporate/4.0/SRPMS/samba-3.0.23a-2.2.20060mlcs4.src.rpm Corporate 4.0/X86_64: 92134a011d2c5d976dae94fab367e45f corporate/4.0/x86_64/lib64smbclient0-3.0.23a-2.2.20060mlcs4.x86_64.rpm 060fc55e7de7387038ef33644ced7ff3 corporate/4.0/x86_64/lib64smbclient0-devel-3.0.23a-2.2.20060mlcs4.x86_64.rpm 8e11d3db9f389ad4e88f492c22304817 corporate/4.0/x86_64/lib64smbclient0-static-devel-3.0.23a-2.2.20060mlcs4.x86_64.rpm 9655f204077987366947e25e6b45e0ca corporate/4.0/x86_64/mount-cifs-3.0.23a-2.2.20060mlcs4.x86_64.rpm 6f7c336eb89d497d9df3b31f0c21ba49 corporate/4.0/x86_64/nss_wins-3.0.23a-2.2.20060mlcs4.x86_64.rpm e83e84a2a639d6f62b57cd4c14b8275f corporate/4.0/x86_64/samba-client-3.0.23a-2.2.20060mlcs4.x86_64.rpm 3d5a6ba40d0dab131f2e1da1717d4782 corporate/4.0/x86_64/samba-common-3.0.23a-2.2.20060mlcs4.x86_64.rpm 679c7185e7d41c2b4290689fb1e049a7 corporate/4.0/x86_64/samba-doc-3.0.23a-2.2.20060mlcs4.x86_64.rpm 57118fa57372900f96f682990d4578ef corporate/4.0/x86_64/samba-server-3.0.23a-2.2.20060mlcs4.x86_64.rpm 0fb7dafcb4b7b2cfe2e8a83f9f8f8593 corporate/4.0/x86_64/samba-smbldap-tools-3.0.23a-2.2.20060mlcs4.x86_64.rpm d24486957a79dfc4ff150190c464d83a corporate/4.0/x86_64/samba-swat-3.0.23a-2.2.20060mlcs4.x86_64.rpm 46f5df9097483a7487aee5a0cf56d04f corporate/4.0/x86_64/samba-test-3.0.23a-2.2.20060mlcs4.x86_64.rpm ad445e9d14b03ce516d24b677c9fe9bb corporate/4.0/x86_64/samba-vscan-clamav-3.0.23a-2.2.20060mlcs4.x86_64.rpm 3d3e5c87b95ad5f6e99664507707440f corporate/4.0/x86_64/samba-vscan-icap-3.0.23a-2.2.20060mlcs4.x86_64.rpm 5dcf6bbccade0abdc0a82fbd1087a2f0 corporate/4.0/x86_64/samba-winbind-3.0.23a-2.2.20060mlcs4.x86_64.rpm f1b9c38d8e00d7f455d3dd248dcff0eb corporate/4.0/SRPMS/samba-3.0.23a-2.2.20060mlcs4.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFGSOJRmqjQ0CJFipgRAgXhAJ4vX88s33DgYl4sNxofRKMfcAB+QACfW6rs HXSDGo5kcDXz1BXMq2POWy8= =S/cx -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists