LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: October 24th, 2014
Linux Security Week: October 20th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Red Hat: samba Buffer overflow vulnerabilities Print E-mail
User Rating:      How can I rate this item?
Posted by LinuxSecurity.com Team   
RedHat Linux Updated samba packages that fix buffer overflows, as well as other variousbugs, are now available.

Red Hat Security Advisory

Synopsis:          Updated samba packages fix vulnerabilities
Advisory ID:       RHSA-2004:259-01
Issue date:        2004-07-22
Updated on:        2004-07-22
Product:           Red Hat Enterprise Linux
Keywords:          smb
CVE Names:         CAN-2004-0600 CAN-2004-0686
- ---------------------------------------------------------------------

1. Summary:

Updated samba packages that fix buffer overflows, as well as other various
bugs, are now available.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

Samba provides file and printer sharing services to SMB/CIFS clients.  
  
Evgeny Demidov discovered a flaw in the internal routine used by the Samba
Web Administration Tool (SWAT) in Samba versions 3.0.2 through 3.0.4.  When
decoding base-64 data during HTTP basic authentication, an invalid base-64
character could cause a buffer overflow.  If the SWAT administration
service is enabled, this flaw could allow an attacker to execute arbitrary
code.  The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-0600 to this issue.

Additionally, the Samba team discovered a buffer overflow in the code used
to support the 'mangling method = hash' smb.conf option.  Please be aware
that the default setting for this parameter is 'mangling method = hash2'
and therefore not vulnerable.  The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CAN-2004-0686 to this issue.

This release includes the updated upstream version 3.0.4 together with 
backported security patches to correct these issues as well as a number of
post-3.0.4 bug fixes from the Samba subversion repository.  
 
The most important bug fix allows Samba users to change their passwords 
if Microsoft patch KB 828741 (a critical update) had been applied. 
 
All users of Samba should upgrade to these updated packages, which
resolve these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  Use Red Hat
Network to download and update your packages.  To launch the Red Hat
Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

     http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed  (http://bugzilla.redhat.com/ for more info):

114436 - samba consumes all memory then hangs z390 vmachine.
122749 - Samba is unable to read international characters in filenames
122527 - Need 'printing = cups' and 'cups options = raw'
102715 - samba spec needs epoch in versioned dependecies
121356 - spec file should install libsmbclient.so with executable permissions
119211 - smb.conf(5) manual page bug if you do not use  UTF-8 based locale
117181 - local variable used before set
116560 - Missing BuildRequires: krb5-devel
125714 - NTBackup cannot access samba shares
123271 - Users get error message when changing passwords after applying KB828741
126296 - Requesting updated packages to 3.0.4

6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS: 
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/samba-3.0.4-6.3E.src.rpm
44c2d603483eb9fcc8fa87bae65d6439  samba-3.0.4-6.3E.src.rpm

i386:
0caefe0c45f4b00ffb4c3e5703e7d4f8  samba-3.0.4-6.3E.i386.rpm
7567cae317313de3b0f8bfe3a6ce7f5b  samba-client-3.0.4-6.3E.i386.rpm
368abe8b4c210cd35745bc753677f749  samba-common-3.0.4-6.3E.i386.rpm
59d0ac4df0b0fdf77c1344c7c528ecf1  samba-swat-3.0.4-6.3E.i386.rpm

ia64:
8821a2b70be8c4674ffc470a75b9c8da  samba-3.0.4-6.3E.ia64.rpm
9b3fe88a1caa50667ac8f2786b36f158  samba-client-3.0.4-6.3E.ia64.rpm
f650cdcb87404cfc209ab0a34e68e767  samba-common-3.0.4-6.3E.ia64.rpm
a99a0d4dec075149d59da31b41014595  samba-swat-3.0.4-6.3E.ia64.rpm

ppc:
4a076b948d5588f52e27fe0f83c254db  samba-3.0.4-6.3E.ppc.rpm
a2a4bdb973dd38374206ee76c1f23455  samba-3.0.4-6.3E.ppc64.rpm
41e77181eb945e45cb147788e8a50387  samba-client-3.0.4-6.3E.ppc.rpm
e3b14ae6410b5191c3dcbff7634f617f  samba-common-3.0.4-6.3E.ppc.rpm
207a03e8fc38257ef0f81c87e628eb7a  samba-swat-3.0.4-6.3E.ppc.rpm

s390:
984fa3cd0ca31eb764a8a73733d3d13e  samba-3.0.4-6.3E.s390.rpm
d42b3cef9cf281c6cc0cf76f29335e42  samba-client-3.0.4-6.3E.s390.rpm
d8acc69df724d7fc8d4cf259d06b2236  samba-common-3.0.4-6.3E.s390.rpm
4c0444ceba9395d22fb8c6de6833fc76  samba-swat-3.0.4-6.3E.s390.rpm

s390x:
aa5a1ab3c6ad612086774d94108f09d5  samba-3.0.4-6.3E.s390x.rpm
984fa3cd0ca31eb764a8a73733d3d13e  samba-3.0.4-6.3E.s390.rpm
a0d0319d4248bee79e4d9253947518da  samba-client-3.0.4-6.3E.s390x.rpm
623b63e0e5bcb187c4cc3b8e03e263e2  samba-common-3.0.4-6.3E.s390x.rpm
29f036def3a798e117d549c63d510800  samba-swat-3.0.4-6.3E.s390x.rpm

x86_64:
1397c3732a4a45940be9e61b42707f76  samba-3.0.4-6.3E.x86_64.rpm
0caefe0c45f4b00ffb4c3e5703e7d4f8  samba-3.0.4-6.3E.i386.rpm
55ac2fc0c18887a94e0fec184e06c25e  samba-client-3.0.4-6.3E.x86_64.rpm
07939e1376609d71e6da03b28f568f3f  samba-common-3.0.4-6.3E.x86_64.rpm
16538cc81a03dffc6b2bf595b77fdc02  samba-swat-3.0.4-6.3E.x86_64.rpm

Red Hat Desktop version 3:

SRPMS: 
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/samba-3.0.4-6.3E.src.rpm
44c2d603483eb9fcc8fa87bae65d6439  samba-3.0.4-6.3E.src.rpm

i386:
0caefe0c45f4b00ffb4c3e5703e7d4f8  samba-3.0.4-6.3E.i386.rpm
7567cae317313de3b0f8bfe3a6ce7f5b  samba-client-3.0.4-6.3E.i386.rpm
368abe8b4c210cd35745bc753677f749  samba-common-3.0.4-6.3E.i386.rpm
59d0ac4df0b0fdf77c1344c7c528ecf1  samba-swat-3.0.4-6.3E.i386.rpm

x86_64:
1397c3732a4a45940be9e61b42707f76  samba-3.0.4-6.3E.x86_64.rpm
0caefe0c45f4b00ffb4c3e5703e7d4f8  samba-3.0.4-6.3E.i386.rpm
55ac2fc0c18887a94e0fec184e06c25e  samba-client-3.0.4-6.3E.x86_64.rpm
07939e1376609d71e6da03b28f568f3f  samba-common-3.0.4-6.3E.x86_64.rpm
16538cc81a03dffc6b2bf595b77fdc02  samba-swat-3.0.4-6.3E.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS: 
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/samba-3.0.4-6.3E.src.rpm
44c2d603483eb9fcc8fa87bae65d6439  samba-3.0.4-6.3E.src.rpm

i386:
0caefe0c45f4b00ffb4c3e5703e7d4f8  samba-3.0.4-6.3E.i386.rpm
7567cae317313de3b0f8bfe3a6ce7f5b  samba-client-3.0.4-6.3E.i386.rpm
368abe8b4c210cd35745bc753677f749  samba-common-3.0.4-6.3E.i386.rpm
59d0ac4df0b0fdf77c1344c7c528ecf1  samba-swat-3.0.4-6.3E.i386.rpm

ia64:
8821a2b70be8c4674ffc470a75b9c8da  samba-3.0.4-6.3E.ia64.rpm
9b3fe88a1caa50667ac8f2786b36f158  samba-client-3.0.4-6.3E.ia64.rpm
f650cdcb87404cfc209ab0a34e68e767  samba-common-3.0.4-6.3E.ia64.rpm
a99a0d4dec075149d59da31b41014595  samba-swat-3.0.4-6.3E.ia64.rpm

x86_64:
1397c3732a4a45940be9e61b42707f76  samba-3.0.4-6.3E.x86_64.rpm
0caefe0c45f4b00ffb4c3e5703e7d4f8  samba-3.0.4-6.3E.i386.rpm
55ac2fc0c18887a94e0fec184e06c25e  samba-client-3.0.4-6.3E.x86_64.rpm
07939e1376609d71e6da03b28f568f3f  samba-common-3.0.4-6.3E.x86_64.rpm
16538cc81a03dffc6b2bf595b77fdc02  samba-swat-3.0.4-6.3E.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS: 
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/samba-3.0.4-6.3E.src.rpm
44c2d603483eb9fcc8fa87bae65d6439  samba-3.0.4-6.3E.src.rpm

i386:
0caefe0c45f4b00ffb4c3e5703e7d4f8  samba-3.0.4-6.3E.i386.rpm
7567cae317313de3b0f8bfe3a6ce7f5b  samba-client-3.0.4-6.3E.i386.rpm
368abe8b4c210cd35745bc753677f749  samba-common-3.0.4-6.3E.i386.rpm
59d0ac4df0b0fdf77c1344c7c528ecf1  samba-swat-3.0.4-6.3E.i386.rpm

ia64:
8821a2b70be8c4674ffc470a75b9c8da  samba-3.0.4-6.3E.ia64.rpm
9b3fe88a1caa50667ac8f2786b36f158  samba-client-3.0.4-6.3E.ia64.rpm
f650cdcb87404cfc209ab0a34e68e767  samba-common-3.0.4-6.3E.ia64.rpm
a99a0d4dec075149d59da31b41014595  samba-swat-3.0.4-6.3E.ia64.rpm

x86_64:
1397c3732a4a45940be9e61b42707f76  samba-3.0.4-6.3E.x86_64.rpm
0caefe0c45f4b00ffb4c3e5703e7d4f8  samba-3.0.4-6.3E.i386.rpm
55ac2fc0c18887a94e0fec184e06c25e  samba-client-3.0.4-6.3E.x86_64.rpm
07939e1376609d71e6da03b28f568f3f  samba-common-3.0.4-6.3E.x86_64.rpm
16538cc81a03dffc6b2bf595b77fdc02  samba-swat-3.0.4-6.3E.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key.html#package

7. References:
 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0600 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0686

8. Contact:

The Red Hat security contact is <secalert@redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact.html

Copyright 2004 Red Hat, Inc.

 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Disaster as CryptoWall encrypts US firm's entire server installation
Now Everyone Wants to Sell You a Magical Anonymity Router. Choose Wisely
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.