LinuxSecurity.com
RedHat: Critical: samba security update
Posted by Benjamin D. Thomas   
Updated samba packages that fix several security issues are now available for Red Hat Enterprise Linux 2.1 and 3. A buffer overflow flaw was found in the way Samba creates NetBIOS replies. If a Samba server is configured to run as a WINS server, a remote unauthenticated user could cause the Samba server to crash or execute arbitrary code. This update has been rated as having critical security impact by the Red Hat Security Response Team.
---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Critical: samba security update
Advisory ID:       RHSA-2007:1013-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2007-1013.html
Issue date:        2007-11-15
Updated on:        2007-11-15
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2007-4572 CVE-2007-5398 
---------------------------------------------------------------------

1. Summary:

Updated samba packages that fix several security issues are now available
for Red Hat Enterprise Linux 2.1 and 3.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1  - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

Samba is a suite of programs used by machines to share files, printers, and
other information.

A buffer overflow flaw was found in the way Samba creates NetBIOS replies.
If a Samba server is configured to run as a WINS server, a remote
unauthenticated user could cause the Samba server to crash or execute
arbitrary code. (CVE-2007-5398)

A heap-based buffer overflow flaw was found in the way Samba authenticates
users. A remote unauthenticated user could trigger this flaw to cause the
Samba server to crash. Careful analysis of this flaw has determined that
arbitrary code execution is not possible, and under most circumstances will
not result in a crash of the Samba server. (CVE-2007-4572)

Red Hat would like to thank Alin Rad Pop of Secunia Research, and the Samba
developers for responsibly disclosing these issues.

Users of Samba are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues.
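
A configuration check for the WINS-server precondition of CVE-2007-5398 described above, added here as an example and not part of the Red Hat advisory. It assumes the WINS server role is enabled through the smb.conf [global] parameter "wins support"; the function names wins_server_enabled and sample_conf are hypothetical, and the sample configuration is constructed.

```shell
#!/bin/sh
# Added example (not from the advisory): report whether an smb.conf enables
# the WINS server role, the condition under which the advisory says
# CVE-2007-5398 is reachable by a remote unauthenticated user.

# wins_server_enabled FILE -> prints "yes" or "no"
wins_server_enabled() {
    awk '
        BEGIN { section = ""; enabled = "no" }
        { sub(/\r$/, "") }                          # tolerate CRLF files
        /^[ \t]*([#;]|$)/ { next }                  # comments and blank lines
        /^[ \t]*\[/ {                               # section header
            section = tolower($0)
            gsub(/^[ \t]*\[[ \t]*|[ \t]*\].*$/, "", section)
            next
        }
        section == "global" {
            eq = index($0, "=")
            if (eq == 0) next
            name = tolower(substr($0, 1, eq - 1))
            gsub(/[ \t]/, "", name)                 # names ignore case and spaces
            value = tolower(substr($0, eq + 1))
            gsub(/^[ \t]+|[ \t]+$/, "", value)
            if (name == "winssupport")              # a later setting overrides
                enabled = (value ~ /^(yes|true|1|on)$/) ? "yes" : "no"
        }
        END { print enabled }
    ' "$1"
}

# Constructed sample smb.conf (not taken from a real host).
sample_conf() {
    cat <<'EOF'
[global]
   workgroup = EXAMPLE
   ; wins support = no
   WINS Support = Yes
[share]
   wins support = no
EOF
}

tmp=$(mktemp) && sample_conf > "$tmp"
echo "WINS server role enabled: $(wins_server_enabled "$tmp")"
rm -f "$tmp"
```

The check reads a single file and does not follow include directives; on a live host, `testparm -s` prints the effective configuration. A "no" result only narrows exposure to CVE-2007-5398, and the update is still needed for CVE-2007-4572.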

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  

This update is available via Red Hat Network.  Details on how to use 
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

294631 - CVE-2007-4572 samba buffer overflow
358831 - CVE-2007-5398 Samba "reply_netbios_packet()" Buffer Overflow Vulnerability

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 :

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/samba-2.2.12-1.21as.8.1.src.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/samba-2.2.12-1.21as.8.1.src.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/samba-2.2.12-1.21as.8.1.src.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/samba-2.2.12-1.21as.8.1.src.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/samba-3.0.9-1.3E.14.1.src.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/samba-3.0.9-1.3E.14.1.src.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/samba-3.0.9-1.3E.14.1.src.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/samba-3.0.9-1.3E.14.1.src.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4572
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5398
http://www.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is .  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
 