LinuxSecurity.com
Mandrake: samba multiple vulnerabilities
Posted by LinuxSecurity.com Team   
Two vulnerabilities were discovered in samba 3.0.x.

_______________________________________________________________________

                 Mandrakelinux Security Update Advisory
 _______________________________________________________________________

 Package name:           samba
 Advisory ID:            MDKSA-2004:092
 Date:                   September 13th, 2004

 Affected versions:      10.0
 ______________________________________________________________________

 Problem Description:

 Two vulnerabilities were discovered in samba 3.0.x; the first is a
 defect in smbd's ASN.1 parsing that allows an attacker to send a
 specially crafted packet during the authentication request which will
 send the newly spawned smbd process into an infinite loop.  As a
 result, it is possible to use up all available memory on the
 server.

 The second vulnerability is in nmbd's processing of mailslot packets
 which could allow an attacker to anonymously crash nmbd.

 The provided packages are patched to protect against these two
 vulnerabilities.
 _______________________________________________________________________

 References:

   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0807
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0808
 ______________________________________________________________________

 Updated Packages:

 Mandrakelinux 10.0:

 Mandrakelinux 10.0/AMD64:
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandrakesoft for security.  You can obtain
 the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandrakelinux at:

   http://www.mandrakesoft.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  

 