--------------------------------------------------------------------------
Debian Security Advisory DSA 600-1                     security@debian.org 
Debian -- Security Information                              Martin Schulze
October 7th, 2004                        Debian -- Debian security FAQ 
--------------------------------------------------------------------------

Package        : samba
Vulnerability  : arbitrary file access
Problem-Type   : remote
Debian-specific: no
CVE ID         : CAN-2004-0815

A vulnerability has been discovered in samba, a commonly used
LanManager-like file and printer server for Unix.  A remote attacker
may be able to gain access to files which exist outside of the share's
defined path.  Such files must still be readable by the account used
for the connection, though.

For the stable distribution (woody) this problem has been fixed in
version 2.2.3a-14.1.

In the unstable (sid) and testing (sarge) distributions this problem
was not present.

We recommend that you upgrade your samba packages.


Upgrade Instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
--------------------------------

  These files will probably be moved into the stable distribution on
  its next update.

---------------------------------------------------------------------------------
For apt-get: deb  Debian -- Security Information  stable/updates main
For dpkg-ftp:    dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
