Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Security Update: [CSSA-2003-017.0] OpenLinux: Various serious Samba vulnerabilities

From: security () sco com
Date: Fri, 2 May 2003 14:18:42 -0700
To: bugtraq () securityfocus com announce () lists caldera com security-alerts () linuxsecurity com


______________________________________________________________________________

                        SCO Security Advisory

Subject:                OpenLinux: Various serious Samba vulnerabilities
Advisory number:        CSSA-2003-017.0
Issue date:             2003 May 02
Cross reference:
______________________________________________________________________________


1. Problem Description

        This update addresses the following Samba issues:

        A bug in the length checking for encrypted password change
        requests from clients could be exploited using a buffer
        overrun attack on the smbd stack.

        A vulnerability that could lead to an anonymous user gaining
        root access on a Samba serving system.

        A chown race condition that could allow overwriting of
        critical system files if exploited.

        A buffer overflow in the call_trans2open function in trans2.c
        allows remote attackers to execute arbitrary code.

        Multiple buffer overflows that may allow remote attackers to
        execute arbitrary code or cause a denial of service.


2. Vulnerable Supported Versions

        System                          Package
        ----------------------------------------------------------------------

        OpenLinux 3.1.1 Server          prior to libsmbclient-2.2.2-7.i386.rpm
                                        prior to samba-2.2.2-7.i386.rpm
                                        prior to samba-doc-2.2.2-7.i386.rpm
                                        prior to smbfs-2.2.2-7.i386.rpm
                                        prior to swat-2.2.2-7.i386.rpm

        OpenLinux 3.1.1 Workstation     prior to libsmbclient-2.2.2-7.i386.rpm
                                        prior to samba-2.2.2-7.i386.rpm
                                        prior to samba-doc-2.2.2-7.i386.rpm
                                        prior to smbfs-2.2.2-7.i386.rpm
                                        prior to swat-2.2.2-7.i386.rpm


3. Solution

        The proper solution is to install the latest packages. Many
        customers find it easier to use the Caldera System Updater, called
        cupdate (or kcupdate under the KDE environment), to update these
        packages rather than downloading and installing them by hand.


4. OpenLinux 3.1.1 Server

        4.1 Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-017.0/RPMS

        4.2 Packages

        a4f667678f6a3c283491ae04480625d6        libsmbclient-2.2.2-7.i386.rpm
        8c95e0b81771bb703e08937125e8c9bf        samba-2.2.2-7.i386.rpm
        2a590b5458186279fd3bb17bb87c5af3        samba-doc-2.2.2-7.i386.rpm
        fcabaf8b0567ed5faad0e2fe8e206f92        smbfs-2.2.2-7.i386.rpm
        bd13c1771c2267549916f3afb60ad019        swat-2.2.2-7.i386.rpm

        4.3 Installation

        rpm -Fvh libsmbclient-2.2.2-7.i386.rpm
        rpm -Fvh samba-2.2.2-7.i386.rpm
        rpm -Fvh samba-doc-2.2.2-7.i386.rpm
        rpm -Fvh smbfs-2.2.2-7.i386.rpm
        rpm -Fvh swat-2.2.2-7.i386.rpm

        4.4 Source Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-017.0/SRPMS

        4.5 Source Packages

        403ddcea6384a309768066e06941a68f        samba-2.2.2-7.src.rpm


5. OpenLinux 3.1.1 Workstation

        5.1 Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-017.0/RPMS

        5.2 Packages

        c04cb8377d18180c6b914ed9d0d1d4e3        libsmbclient-2.2.2-7.i386.rpm
        aad7fa4db863931a9c57b8720e17cbb6        samba-2.2.2-7.i386.rpm
        be052cbf6e77f05ad1cbc7fba57be7bd        samba-doc-2.2.2-7.i386.rpm
        4bf70f287baf74e47ef5cff351a7a740        smbfs-2.2.2-7.i386.rpm
        906d1705b64767cd774e29287b5ab437        swat-2.2.2-7.i386.rpm

        5.3 Installation

        rpm -Fvh libsmbclient-2.2.2-7.i386.rpm
        rpm -Fvh samba-2.2.2-7.i386.rpm
        rpm -Fvh samba-doc-2.2.2-7.i386.rpm
        rpm -Fvh smbfs-2.2.2-7.i386.rpm
        rpm -Fvh swat-2.2.2-7.i386.rpm

        5.4 Source Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-017.0/SRPMS

        5.5 Source Packages

        21c0df3f652692c3db10dd5783e78e93        samba-2.2.2-7.src.rpm


6. References

        Specific references for this advisory:

                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1318
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0085
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0086
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0196
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0201

        SCO security resources:

                http://www.sco.com/support/security/index.html

        This security fix closes SCO incidents sr876764, sr875830,
        sr872195, fz527679, fz527532, fz526744, erg712283, erg712263,
        erg712169.


7. Disclaimer

        SCO is not responsible for the misuse of any of the information
        we provide on this website and/or through our security
        advisories. Our advisories are a service to our customers intended
        to promote secure installation and use of SCO products.


8. Acknowledgements

        Steve Langasek (Debian), Sebastian Krahmer (SuSE), and Digital
        Defense Inc. discovered and researched these vulnerabilities.

______________________________________________________________________________

Attachment: _bin
Description:

Previous By Date Next
Previous By Thread Next

Current thread: