Gentoo: samba multiple vulnerabilities
Posted by Team   
Gentoo A buffer overflow and race condition vulnerabilities have been fixed. These vulnerabilities may lead to remote root compromise.

- - ---------------------------------------------------------------------
- - ---------------------------------------------------------------------

          PACKAGE : samba
          SUMMARY : buffer overrun
             DATE : 2003-03-17 09:22 UTC
          EXPLOIT : remote
    FIXED VERSION : >=2.2.8
              CVE : CAN-2003-0085 CAN-2003-0086

- - ---------------------------------------------------------------------

- From advisory:

"The SuSE security audit team, in particular Sebastian Krahmer
, has found a flaw in the Samba main smbd code which
could allow an external attacker to remotely and anonymously gain
Super User (root) privileges on a server running a Samba server."

"A buffer overrun condition exists in the SMB/CIFS packet fragment
re-assembly code in smbd which would allow an attacker to cause smbd
to overwrite arbitrary areas of memory in its own process address
space. This could allow a skilled attacker to inject binary specific
exploit code into smbd."

Read the full advisory at:


It is recommended that all Gentoo Linux users who are running
net-fs/samba upgrade to samba-2.2.8 as follows:

emerge sync
emerge samba
emerge clean

- - --------------------------------------------------------------------- - GnuPG key is available at
- - ---------------------------------------------------------------------