Red Hat Security Advisory

Synopsis:          Updated samba packages fix vulnerabilities
Advisory ID:       RHSA-2004:259-01
Issue date:        2004-07-22
Updated on:        2004-07-22
Product:           Red Hat Enterprise Linux
Keywords:          smb
CVE Names:         CAN-2004-0600 CAN-2004-0686
- ---------------------------------------------------------------------

1. Summary:

Updated samba packages that fix buffer overflows, as well as other various
bugs, are now available.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

Samba provides file and printer sharing services to SMB/CIFS clients.  
  
Evgeny Demidov discovered a flaw in the internal routine used by the Samba
Web Administration Tool (SWAT) in Samba versions 3.0.2 through 3.0.4.  When
decoding base-64 data during HTTP basic authentication, an invalid base-64
character could cause a buffer overflow.  If the SWAT administration
service is enabled, this flaw could allow an attacker to execute arbitrary
code.  The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-0600 to this issue.

Additionally, the Samba team discovered a buffer overflow in the code used
to support the 'mangling method = hash' smb.conf option.  Please be aware
that the default setting for this parameter is 'mangling method = hash2'
and therefore not vulnerable.  The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CAN-2004-0686 to this issue.

This release includes the updated upstream version 3.0.4 together with 
backported security patches to correct these issues as well as a number of
post-3.0.4 bug fixes from the Samba subversion repository.  
 
The most important bug fix allows Samba users to change their passwords 
if Microsoft patch KB 828741 (a critical update) had been applied. 
 
All users of Samba should upgrade to these updated packages, which
resolve these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  Use Red Hat
Network to download and update your packages.  To launch the Red Hat
Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

     http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed  (http://bugzilla.redhat.com/ for more info):

114436 - samba consumes all memory then hangs z390 vmachine.
122749 - Samba is unable to read international characters in filenames
122527 - Need 'printing = cups' and 'cups options = raw'
102715 - samba spec needs epoch in versioned dependecies
121356 - spec file should install libsmbclient.so with executable permissions
119211 - smb.conf(5) manual page bug if you do not use  UTF-8 based locale
117181 - local variable used before set
116560 - Missing BuildRequires: krb5-devel
125714 - NTBackup cannot access samba shares
123271 - Users get error message when changing passwords after applying KB828741
126296 - Requesting updated packages to 3.0.4

6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS: 

44c2d603483eb9fcc8fa87bae65d6439  samba-3.0.4-6.3E.src.rpm

i386:
0caefe0c45f4b00ffb4c3e5703e7d4f8  samba-3.0.4-6.3E.i386.rpm
7567cae317313de3b0f8bfe3a6ce7f5b  samba-client-3.0.4-6.3E.i386.rpm
368abe8b4c210cd35745bc753677f749  samba-common-3.0.4-6.3E.i386.rpm
59d0ac4df0b0fdf77c1344c7c528ecf1  samba-swat-3.0.4-6.3E.i386.rpm

ia64:
8821a2b70be8c4674ffc470a75b9c8da  samba-3.0.4-6.3E.ia64.rpm
9b3fe88a1caa50667ac8f2786b36f158  samba-client-3.0.4-6.3E.ia64.rpm
f650cdcb87404cfc209ab0a34e68e767  samba-common-3.0.4-6.3E.ia64.rpm
a99a0d4dec075149d59da31b41014595  samba-swat-3.0.4-6.3E.ia64.rpm

ppc:
4a076b948d5588f52e27fe0f83c254db  samba-3.0.4-6.3E.ppc.rpm
a2a4bdb973dd38374206ee76c1f23455  samba-3.0.4-6.3E.ppc64.rpm
41e77181eb945e45cb147788e8a50387  samba-client-3.0.4-6.3E.ppc.rpm
e3b14ae6410b5191c3dcbff7634f617f  samba-common-3.0.4-6.3E.ppc.rpm
207a03e8fc38257ef0f81c87e628eb7a  samba-swat-3.0.4-6.3E.ppc.rpm

s390:
984fa3cd0ca31eb764a8a73733d3d13e  samba-3.0.4-6.3E.s390.rpm
d42b3cef9cf281c6cc0cf76f29335e42  samba-client-3.0.4-6.3E.s390.rpm
d8acc69df724d7fc8d4cf259d06b2236  samba-common-3.0.4-6.3E.s390.rpm
4c0444ceba9395d22fb8c6de6833fc76  samba-swat-3.0.4-6.3E.s390.rpm

s390x:
aa5a1ab3c6ad612086774d94108f09d5  samba-3.0.4-6.3E.s390x.rpm
984fa3cd0ca31eb764a8a73733d3d13e  samba-3.0.4-6.3E.s390.rpm
a0d0319d4248bee79e4d9253947518da  samba-client-3.0.4-6.3E.s390x.rpm
623b63e0e5bcb187c4cc3b8e03e263e2  samba-common-3.0.4-6.3E.s390x.rpm
29f036def3a798e117d549c63d510800  samba-swat-3.0.4-6.3E.s390x.rpm

x86_64:
1397c3732a4a45940be9e61b42707f76  samba-3.0.4-6.3E.x86_64.rpm
0caefe0c45f4b00ffb4c3e5703e7d4f8  samba-3.0.4-6.3E.i386.rpm
55ac2fc0c18887a94e0fec184e06c25e  samba-client-3.0.4-6.3E.x86_64.rpm
07939e1376609d71e6da03b28f568f3f  samba-common-3.0.4-6.3E.x86_64.rpm
16538cc81a03dffc6b2bf595b77fdc02  samba-swat-3.0.4-6.3E.x86_64.rpm

Red Hat Desktop version 3:

SRPMS: 

44c2d603483eb9fcc8fa87bae65d6439  samba-3.0.4-6.3E.src.rpm

i386:
0caefe0c45f4b00ffb4c3e5703e7d4f8  samba-3.0.4-6.3E.i386.rpm
7567cae317313de3b0f8bfe3a6ce7f5b  samba-client-3.0.4-6.3E.i386.rpm
368abe8b4c210cd35745bc753677f749  samba-common-3.0.4-6.3E.i386.rpm
59d0ac4df0b0fdf77c1344c7c528ecf1  samba-swat-3.0.4-6.3E.i386.rpm

x86_64:
1397c3732a4a45940be9e61b42707f76  samba-3.0.4-6.3E.x86_64.rpm
0caefe0c45f4b00ffb4c3e5703e7d4f8  samba-3.0.4-6.3E.i386.rpm
55ac2fc0c18887a94e0fec184e06c25e  samba-client-3.0.4-6.3E.x86_64.rpm
07939e1376609d71e6da03b28f568f3f  samba-common-3.0.4-6.3E.x86_64.rpm
16538cc81a03dffc6b2bf595b77fdc02  samba-swat-3.0.4-6.3E.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS: 

44c2d603483eb9fcc8fa87bae65d6439  samba-3.0.4-6.3E.src.rpm

i386:
0caefe0c45f4b00ffb4c3e5703e7d4f8  samba-3.0.4-6.3E.i386.rpm
7567cae317313de3b0f8bfe3a6ce7f5b  samba-client-3.0.4-6.3E.i386.rpm
368abe8b4c210cd35745bc753677f749  samba-common-3.0.4-6.3E.i386.rpm
59d0ac4df0b0fdf77c1344c7c528ecf1  samba-swat-3.0.4-6.3E.i386.rpm

ia64:
8821a2b70be8c4674ffc470a75b9c8da  samba-3.0.4-6.3E.ia64.rpm
9b3fe88a1caa50667ac8f2786b36f158  samba-client-3.0.4-6.3E.ia64.rpm
f650cdcb87404cfc209ab0a34e68e767  samba-common-3.0.4-6.3E.ia64.rpm
a99a0d4dec075149d59da31b41014595  samba-swat-3.0.4-6.3E.ia64.rpm

x86_64:
1397c3732a4a45940be9e61b42707f76  samba-3.0.4-6.3E.x86_64.rpm
0caefe0c45f4b00ffb4c3e5703e7d4f8  samba-3.0.4-6.3E.i386.rpm
55ac2fc0c18887a94e0fec184e06c25e  samba-client-3.0.4-6.3E.x86_64.rpm
07939e1376609d71e6da03b28f568f3f  samba-common-3.0.4-6.3E.x86_64.rpm
16538cc81a03dffc6b2bf595b77fdc02  samba-swat-3.0.4-6.3E.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS: 

44c2d603483eb9fcc8fa87bae65d6439  samba-3.0.4-6.3E.src.rpm

i386:
0caefe0c45f4b00ffb4c3e5703e7d4f8  samba-3.0.4-6.3E.i386.rpm
7567cae317313de3b0f8bfe3a6ce7f5b  samba-client-3.0.4-6.3E.i386.rpm
368abe8b4c210cd35745bc753677f749  samba-common-3.0.4-6.3E.i386.rpm
59d0ac4df0b0fdf77c1344c7c528ecf1  samba-swat-3.0.4-6.3E.i386.rpm

ia64:
8821a2b70be8c4674ffc470a75b9c8da  samba-3.0.4-6.3E.ia64.rpm
9b3fe88a1caa50667ac8f2786b36f158  samba-client-3.0.4-6.3E.ia64.rpm
f650cdcb87404cfc209ab0a34e68e767  samba-common-3.0.4-6.3E.ia64.rpm
a99a0d4dec075149d59da31b41014595  samba-swat-3.0.4-6.3E.ia64.rpm

x86_64:
1397c3732a4a45940be9e61b42707f76  samba-3.0.4-6.3E.x86_64.rpm
0caefe0c45f4b00ffb4c3e5703e7d4f8  samba-3.0.4-6.3E.i386.rpm
55ac2fc0c18887a94e0fec184e06c25e  samba-client-3.0.4-6.3E.x86_64.rpm
07939e1376609d71e6da03b28f568f3f  samba-common-3.0.4-6.3E.x86_64.rpm
16538cc81a03dffc6b2bf595b77fdc02  samba-swat-3.0.4-6.3E.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
 

7. References:
 
CVE -CVE-2004-0600 
CVE -CVE-2004-0686

8. Contact:

The Red Hat security contact is <secalert@redhat.com>.  More contact
details at  

Copyright 2004 Red Hat, Inc.

Red Hat: samba Buffer overflow vulnerabilities

Updated samba packages that fix buffer overflows, as well as other variousbugs, are now available.

Summary



Summary

Samba provides file and printer sharing services to SMB/CIFS clients. Evgeny Demidov discovered a flaw in the internal routine used by the SambaWeb Administration Tool (SWAT) in Samba versions 3.0.2 through 3.0.4. Whendecoding base-64 data during HTTP basic authentication, an invalid base-64character could cause a buffer overflow. If the SWAT administrationservice is enabled, this flaw could allow an attacker to execute arbitrarycode. The Common Vulnerabilities and Exposures project (cve.mitre.org) hasassigned the name CAN-2004-0600 to this issue.Additionally, the Samba team discovered a buffer overflow in the code usedto support the 'mangling method = hash' smb.conf option. Please be awarethat the default setting for this parameter is 'mangling method = hash2'and therefore not vulnerable. The Common Vulnerabilities and Exposuresproject (cve.mitre.org) has assigned the name CAN-2004-0686 to this issue.This release includes the updated upstream version 3.0.4 together with backported security patches to correct these issues as well as a number ofpost-3.0.4 bug fixes from the Samba subversion repository. The most important bug fix allows Samba users to change their passwords if Microsoft patch KB 828741 (a critical update) had been applied. All users of Samba should upgrade to these updated packages, whichresolve these issues.


Solution

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:
up2date
For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:
http://www.redhat.com/docs/manuals/enterprise/
5. Bug IDs fixed (http://bugzilla.redhat.com/ for more info):
114436 - samba consumes all memory then hangs z390 vmachine. 122749 - Samba is unable to read international characters in filenames 122527 - Need 'printing = cups' and 'cups options = raw' 102715 - samba spec needs epoch in versioned dependecies 121356 - spec file should install libsmbclient.so with executable permissions 119211 - smb.conf(5) manual page bug if you do not use UTF-8 based locale 117181 - local variable used before set 116560 - Missing BuildRequires: krb5-devel 125714 - NTBackup cannot access samba shares 123271 - Users get error message when changing passwords after applying KB828741 126296 - Requesting updated packages to 3.0.4
6. RPMs required:
Red Hat Enterprise Linux AS version 3:
SRPMS:
44c2d603483eb9fcc8fa87bae65d6439 samba-3.0.4-6.3E.src.rpm
i386: 0caefe0c45f4b00ffb4c3e5703e7d4f8 samba-3.0.4-6.3E.i386.rpm 7567cae317313de3b0f8bfe3a6ce7f5b samba-client-3.0.4-6.3E.i386.rpm 368abe8b4c210cd35745bc753677f749 samba-common-3.0.4-6.3E.i386.rpm 59d0ac4df0b0fdf77c1344c7c528ecf1 samba-swat-3.0.4-6.3E.i386.rpm
ia64: 8821a2b70be8c4674ffc470a75b9c8da samba-3.0.4-6.3E.ia64.rpm 9b3fe88a1caa50667ac8f2786b36f158 samba-client-3.0.4-6.3E.ia64.rpm f650cdcb87404cfc209ab0a34e68e767 samba-common-3.0.4-6.3E.ia64.rpm a99a0d4dec075149d59da31b41014595 samba-swat-3.0.4-6.3E.ia64.rpm
ppc: 4a076b948d5588f52e27fe0f83c254db samba-3.0.4-6.3E.ppc.rpm a2a4bdb973dd38374206ee76c1f23455 samba-3.0.4-6.3E.ppc64.rpm 41e77181eb945e45cb147788e8a50387 samba-client-3.0.4-6.3E.ppc.rpm e3b14ae6410b5191c3dcbff7634f617f samba-common-3.0.4-6.3E.ppc.rpm 207a03e8fc38257ef0f81c87e628eb7a samba-swat-3.0.4-6.3E.ppc.rpm
s390: 984fa3cd0ca31eb764a8a73733d3d13e samba-3.0.4-6.3E.s390.rpm d42b3cef9cf281c6cc0cf76f29335e42 samba-client-3.0.4-6.3E.s390.rpm d8acc69df724d7fc8d4cf259d06b2236 samba-common-3.0.4-6.3E.s390.rpm 4c0444ceba9395d22fb8c6de6833fc76 samba-swat-3.0.4-6.3E.s390.rpm
s390x: aa5a1ab3c6ad612086774d94108f09d5 samba-3.0.4-6.3E.s390x.rpm 984fa3cd0ca31eb764a8a73733d3d13e samba-3.0.4-6.3E.s390.rpm a0d0319d4248bee79e4d9253947518da samba-client-3.0.4-6.3E.s390x.rpm 623b63e0e5bcb187c4cc3b8e03e263e2 samba-common-3.0.4-6.3E.s390x.rpm 29f036def3a798e117d549c63d510800 samba-swat-3.0.4-6.3E.s390x.rpm
x86_64: 1397c3732a4a45940be9e61b42707f76 samba-3.0.4-6.3E.x86_64.rpm 0caefe0c45f4b00ffb4c3e5703e7d4f8 samba-3.0.4-6.3E.i386.rpm 55ac2fc0c18887a94e0fec184e06c25e samba-client-3.0.4-6.3E.x86_64.rpm 07939e1376609d71e6da03b28f568f3f samba-common-3.0.4-6.3E.x86_64.rpm 16538cc81a03dffc6b2bf595b77fdc02 samba-swat-3.0.4-6.3E.x86_64.rpm
Red Hat Desktop version 3:
SRPMS:
44c2d603483eb9fcc8fa87bae65d6439 samba-3.0.4-6.3E.src.rpm
i386: 0caefe0c45f4b00ffb4c3e5703e7d4f8 samba-3.0.4-6.3E.i386.rpm 7567cae317313de3b0f8bfe3a6ce7f5b samba-client-3.0.4-6.3E.i386.rpm 368abe8b4c210cd35745bc753677f749 samba-common-3.0.4-6.3E.i386.rpm 59d0ac4df0b0fdf77c1344c7c528ecf1 samba-swat-3.0.4-6.3E.i386.rpm
x86_64: 1397c3732a4a45940be9e61b42707f76 samba-3.0.4-6.3E.x86_64.rpm 0caefe0c45f4b00ffb4c3e5703e7d4f8 samba-3.0.4-6.3E.i386.rpm 55ac2fc0c18887a94e0fec184e06c25e samba-client-3.0.4-6.3E.x86_64.rpm 07939e1376609d71e6da03b28f568f3f samba-common-3.0.4-6.3E.x86_64.rpm 16538cc81a03dffc6b2bf595b77fdc02 samba-swat-3.0.4-6.3E.x86_64.rpm
Red Hat Enterprise Linux ES version 3:
SRPMS:
44c2d603483eb9fcc8fa87bae65d6439 samba-3.0.4-6.3E.src.rpm
i386: 0caefe0c45f4b00ffb4c3e5703e7d4f8 samba-3.0.4-6.3E.i386.rpm 7567cae317313de3b0f8bfe3a6ce7f5b samba-client-3.0.4-6.3E.i386.rpm 368abe8b4c210cd35745bc753677f749 samba-common-3.0.4-6.3E.i386.rpm 59d0ac4df0b0fdf77c1344c7c528ecf1 samba-swat-3.0.4-6.3E.i386.rpm
ia64: 8821a2b70be8c4674ffc470a75b9c8da samba-3.0.4-6.3E.ia64.rpm 9b3fe88a1caa50667ac8f2786b36f158 samba-client-3.0.4-6.3E.ia64.rpm f650cdcb87404cfc209ab0a34e68e767 samba-common-3.0.4-6.3E.ia64.rpm a99a0d4dec075149d59da31b41014595 samba-swat-3.0.4-6.3E.ia64.rpm
x86_64: 1397c3732a4a45940be9e61b42707f76 samba-3.0.4-6.3E.x86_64.rpm 0caefe0c45f4b00ffb4c3e5703e7d4f8 samba-3.0.4-6.3E.i386.rpm 55ac2fc0c18887a94e0fec184e06c25e samba-client-3.0.4-6.3E.x86_64.rpm 07939e1376609d71e6da03b28f568f3f samba-common-3.0.4-6.3E.x86_64.rpm 16538cc81a03dffc6b2bf595b77fdc02 samba-swat-3.0.4-6.3E.x86_64.rpm
Red Hat Enterprise Linux WS version 3:
SRPMS:
44c2d603483eb9fcc8fa87bae65d6439 samba-3.0.4-6.3E.src.rpm
i386: 0caefe0c45f4b00ffb4c3e5703e7d4f8 samba-3.0.4-6.3E.i386.rpm 7567cae317313de3b0f8bfe3a6ce7f5b samba-client-3.0.4-6.3E.i386.rpm 368abe8b4c210cd35745bc753677f749 samba-common-3.0.4-6.3E.i386.rpm 59d0ac4df0b0fdf77c1344c7c528ecf1 samba-swat-3.0.4-6.3E.i386.rpm
ia64: 8821a2b70be8c4674ffc470a75b9c8da samba-3.0.4-6.3E.ia64.rpm 9b3fe88a1caa50667ac8f2786b36f158 samba-client-3.0.4-6.3E.ia64.rpm f650cdcb87404cfc209ab0a34e68e767 samba-common-3.0.4-6.3E.ia64.rpm a99a0d4dec075149d59da31b41014595 samba-swat-3.0.4-6.3E.ia64.rpm
x86_64: 1397c3732a4a45940be9e61b42707f76 samba-3.0.4-6.3E.x86_64.rpm 0caefe0c45f4b00ffb4c3e5703e7d4f8 samba-3.0.4-6.3E.i386.rpm 55ac2fc0c18887a94e0fec184e06c25e samba-client-3.0.4-6.3E.x86_64.rpm 07939e1376609d71e6da03b28f568f3f samba-common-3.0.4-6.3E.x86_64.rpm 16538cc81a03dffc6b2bf595b77fdc02 samba-swat-3.0.4-6.3E.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from

References

CVE -CVE-2004-0600 CVE -CVE-2004-0686

Package List


Severity
Advisory ID: RHSA-2004:259-01
Issued Date: : 2004-07-22
Updated on: 2004-07-22
Product: Red Hat Enterprise Linux
Keywords: smb
CVE Names: CAN-2004-0600 CAN-2004-0686

Topic

Updated samba packages that fix buffer overflows, as well as other variousbugs, are now available.


Topic


 

Relevant Releases Architectures

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64

Red Hat Desktop version 3 - i386, x86_64

Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64

Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64


Bugs Fixed


Related News

8.Locks HexConnections CodeGlobe Esm H320
1 - 2 min read
The latest release of Debian , one of the oldest and most trusted distributions within the Linux ecosystem, redefines security, stability, and
20.Lock AbstractDigital Circular Esm H320
1 - 2 min read
The Ubuntu security team has recently discovered and addressed multiple vulnerabilities in the Apache HTTP Server. The vulnerabilities affected
1.Penguin Landscape Esm H320
1 - 2 min read
A critical vulnerability was discovered in the Linux kernel's netfilter subsystem, specifically within the nf_tables component, posing potential
19.Laptop Bed Esm H320
2 - 3 min read
The release of Google Chrome 124 addresses four vulnerabilities, including a critical security flaw that can enable attackers to execute arbitrary
23.Tablet Connections Esm H320
2 - 3 min read
The release of Ubuntu 24.04 LTS , also known as Noble Numbat, brings various security enhancements and exciting new features . These improvements
4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved