LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: November 21st, 2014
Linux Security Week: November 17th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Mandrake: samba password buffer overflow vulnerability Print E-mail
User Rating:      How can I rate this item?
Posted by LinuxSecurity.com Team   
Mandrake There was a bug in the length checking for encrypted password change requests from clients.

________________________________________________________________________

                Mandrake Linux Security Update Advisory
________________________________________________________________________

Package name:           samba
Advisory ID:            MDKSA-2002:081
Date:                   November 25th, 2002

Affected versions:      8.1, 8.2, 9.0
________________________________________________________________________

Problem Description:

 A vulnerability in samba versions 2.2.2 through 2.2.6 was discovered
 by the Debian samba maintainers.  A bug in the length checking for
 encrypted password change requests from clients could be exploited
 using a buffer overrun attack on the smbd stack.  This attack would
 have to crafted in such a way that converting a DOS codepage string to
 little endian UCS2 unicode would translate into an executable block of
 code.
 
 This vulnerability has been fixed in samba version 2.2.7, and the
 updated packages have had a patch applied to fix the problem.
________________________________________________________________________

References:
  
   http://www.samba.org/samba/whatsnew/samba-2.2.7.html
________________________________________________________________________

Updated Packages:
  
 Mandrake Linux 8.1:
 b10451e71a1ba27d45956f57fb203118  8.1/RPMS/samba-2.2.2-3.3mdk.i586.rpm
 22a6f9977518bbe2923ec7d2f68a698e  8.1/RPMS/samba-client-2.2.2-3.3mdk.i586.rpm
 74d59e5578aaa0a23e760c828a6d8688  8.1/RPMS/samba-common-2.2.2-3.3mdk.i586.rpm
 6d6a2835fd6e21b4c93dbaa5fe6f2d13  8.1/RPMS/samba-doc-2.2.2-3.3mdk.i586.rpm
 4c7511781a263f633cab5bf1831ad69b  8.1/SRPMS/samba-2.2.2-3.3mdk.src.rpm

 Mandrake Linux 8.1/IA64:
 2456e2af90d2e71e877a16f2ff034c73  ia64/8.1/RPMS/samba-2.2.2-3.3mdk.ia64.rpm
 66043b111988d82d2800763950ea07e3  ia64/8.1/RPMS/samba-client-2.2.2-3.3mdk.ia64.rpm
 6954d750eae921eece5e1e2ece9c42e5  ia64/8.1/RPMS/samba-common-2.2.2-3.3mdk.ia64.rpm
 cf5545988b8d07299b776a25d6dc2e56  ia64/8.1/RPMS/samba-doc-2.2.2-3.3mdk.ia64.rpm
 4c7511781a263f633cab5bf1831ad69b  ia64/8.1/SRPMS/samba-2.2.2-3.3mdk.src.rpm

 Mandrake Linux 8.2:
 5552fadd8509fc7222099f88dad0f5a9  8.2/RPMS/nss_wins-2.2.3a-10.1mdk.i586.rpm
 58da182a9a84a02010ddaf939e97bc7c  8.2/RPMS/samba-2.2.3a-10.1mdk.i586.rpm
 91dcff33758dca1ca9a4779186a6917d  8.2/RPMS/samba-client-2.2.3a-10.1mdk.i586.rpm
 ce98076728c73ca79b78fc9d69b94b47  8.2/RPMS/samba-common-2.2.3a-10.1mdk.i586.rpm
 983c2de083b240971026bb054b449fde  8.2/RPMS/samba-doc-2.2.3a-10.1mdk.i586.rpm
 fe4c7a8ebedede8ac10ff98eac2b84a5  8.2/RPMS/samba-swat-2.2.3a-10.1mdk.i586.rpm
 ec00eed80e135dd79b56608bbd2c0574  8.2/RPMS/samba-winbind-2.2.3a-10.1mdk.i586.rpm
 5677dee51659f50acee4e55346ca737d  8.2/SRPMS/samba-2.2.3a-10.1mdk.src.rpm

 Mandrake Linux 8.2/PPC:
 32e41a8c06f1b5b24b13de0f65dfa3cc  ppc/8.2/RPMS/nss_wins-2.2.3a-10.1mdk.ppc.rpm
 275bf7b8a2792e11bf94dc24557f8ebc  ppc/8.2/RPMS/samba-2.2.3a-10.1mdk.ppc.rpm
 66232f77afcacc83090e3cf848717962  ppc/8.2/RPMS/samba-client-2.2.3a-10.1mdk.ppc.rpm
 912ccb4cc81f89de6de871aa1c4833c0  ppc/8.2/RPMS/samba-common-2.2.3a-10.1mdk.ppc.rpm
 af73612d4ea52c4a391ca75afd0dae8b  ppc/8.2/RPMS/samba-doc-2.2.3a-10.1mdk.ppc.rpm
 2117cd7af96f6467c867faef73a425b6  ppc/8.2/RPMS/samba-swat-2.2.3a-10.1mdk.ppc.rpm
 ab0402b7173a04be1cbc6c415807b98a  ppc/8.2/RPMS/samba-winbind-2.2.3a-10.1mdk.ppc.rpm
 5677dee51659f50acee4e55346ca737d  ppc/8.2/SRPMS/samba-2.2.3a-10.1mdk.src.rpm

 Mandrake Linux 9.0:
 25b264e1b5ee43b26d861f5b5e07d7d2  9.0/RPMS/nss_wins-2.2.7-2.1mdk.i586.rpm
 619a0506a84d25099ca0653be0f5fd3a  9.0/RPMS/samba-client-2.2.7-2.1mdk.i586.rpm
 d7ed710067f71285cc616fe07efd7753  9.0/RPMS/samba-common-2.2.7-2.1mdk.i586.rpm
 2b5667097a398ef87e9e721c26bb613b  9.0/RPMS/samba-doc-2.2.7-2.1mdk.i586.rpm
 ff124b4103dd84e51f5be82dd9244b1f  9.0/RPMS/samba-server-2.2.7-2.1mdk.i586.rpm
 a7b976a81f59d7ce7111cb5f44d89bcd  9.0/RPMS/samba-swat-2.2.7-2.1mdk.i586.rpm
 0859d8665e9d2ea2f1f96365a7456e3f  9.0/RPMS/samba-winbind-2.2.7-2.1mdk.i586.rpm
 b93cd8ca9319a628ee7015bbd5d2196e  9.0/SRPMS/samba-2.2.7-2.1mdk.src.rpm
________________________________________________________________________

Bug IDs fixed (see https://qa.mandrakesoft.com for more information):
________________________________________________________________________

To upgrade automatically, use MandrakeUpdate.  The verification of md5
checksums and GPG signatures is performed automatically for you.

If you want to upgrade manually, download the updated package from one
of our FTP server mirrors and upgrade with "rpm -Fvh *.rpm".  A list of
FTP mirrors can be obtained from:

   http://www.mandrakesecure.net/en/ftp.php

Please verify the update prior to upgrading to ensure the integrity of
the downloaded package.  You can do this with the command:

  rpm --checksig 

All packages are signed by MandrakeSoft for security.  You can obtain
the GPG public key of the Mandrake Linux Security Team from:

  https://www.mandrakesecure.net/RPM-GPG-KEYS

Please be aware that sometimes it takes the mirrors a few hours to
update.

You can view other update advisories for Mandrake Linux at:

   http://www.mandrakesecure.net/en/advisories/

MandrakeSoft has several security-related mailing list services that
anyone can subscribe to.  Information on these lists can be obtained by
visiting:

   http://www.mandrakesecure.net/en/mlist.php

If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  

 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Weekend Edition
Google Releases Open Source Tool for Testing Web App Security Scanners
Most Targeted Attacks Exploit Privileged Accounts
NotCompable sets new standards for mobile botnet sophistication
Hands on with Caine Linux: Pentesting and UEFI compatible
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.