ESB-2004.0732 -- RHSA-2004:632-01 -- Updated samba packages fix security issues

Date: 17 November 2004
References: ESB-2004.0714  ESB-2004.0730  

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                     ESB-2004.0732 -- RHSA-2004:632-01
                Updated samba packages fix security issues
                             17 November 2004

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           samba
Publisher:         Red Hat
Operating System:  Red Hat Enterprise Linux AS/ES/WS 3
                   Red Hat Desktop version 3
                   Red Hat Enterprise Linux AS/ES/WS 2.1
                   Red Hat Linux Advanced Workstation 2.1
Impact:            Execute Arbitrary Code/Commands
                   Denial of Service
CVE Names:         CAN-2004-0930 CAN-2004-0882

Ref:               ESB-2004.0714
                   ESB-2004.0730

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated samba packages fix security issues
Advisory ID:       RHSA-2004:632-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2004-632.html
Issue date:        2004-11-16
Updated on:        2004-11-16
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2004-0882 CAN-2004-0930
- - ---------------------------------------------------------------------

1. Summary:

Updated samba packages that fix various security vulnerabilities are now
available.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, ppc64, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

Samba provides file and printer sharing services to SMB/CIFS clients.

During a code audit, Stefan Esser discovered a buffer overflow in Samba
versions prior to 3.0.8 when handling Unicode filenames.  An authenticated
remote user could exploit this bug, which may lead to arbitrary code
execution on the server. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-0882 to this issue. Red Hat
believes that the Exec-Shield technology (enabled by default since Update
3) will block attempts to remotely exploit this vulnerability on x86
architectures.

Additionally, a bug was found in the input validation routines in versions
of Samba prior to 3.0.8 that caused the smbd process to consume abnormal
amounts of system memory.  An authenticated remote user could exploit this
bug to cause a denial of service.  The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CAN-2004-0930 to this issue.

Users of Samba should upgrade to these updated packages, which contain
backported security patches, and are not vulnerable to these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  Use Red Hat
Network to download and update your packages.  To launch the Red Hat
Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/ for more info):

138325 - CAN-2004-0930 wildcard remote DoS
134640 - CAN-2004-0882 unicode parsing overflow

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/samba-2.2.12-1.21as.1.src.rpm
e1220dc76372c90c46faa649cbba1ee6  samba-2.2.12-1.21as.1.src.rpm

i386:
6f81c1ecf8b0b0355ce70502e9a85326  samba-2.2.12-1.21as.1.i386.rpm
350ef1e72e4743b0be11603ee1f42cca  samba-client-2.2.12-1.21as.1.i386.rpm
ac6ae17ef6870ebbabd4817f1f90fcd9  samba-common-2.2.12-1.21as.1.i386.rpm
9988653768e2c954a9ccbe73ff67ed75  samba-swat-2.2.12-1.21as.1.i386.rpm

ia64:
a96f03101ea7bd41d886fa95bf9f4308  samba-2.2.12-1.21as.1.ia64.rpm
2a4452ec646410dccdd0c23e53203b69  samba-client-2.2.12-1.21as.1.ia64.rpm
31daf4320431b9ff26e51d63e58785f0  samba-common-2.2.12-1.21as.1.ia64.rpm
06a17eba99c63289a22ea54e6ade8b64  samba-swat-2.2.12-1.21as.1.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/samba-2.2.12-1.21as.1.src.rpm
e1220dc76372c90c46faa649cbba1ee6  samba-2.2.12-1.21as.1.src.rpm

ia64:
a96f03101ea7bd41d886fa95bf9f4308  samba-2.2.12-1.21as.1.ia64.rpm
2a4452ec646410dccdd0c23e53203b69  samba-client-2.2.12-1.21as.1.ia64.rpm
31daf4320431b9ff26e51d63e58785f0  samba-common-2.2.12-1.21as.1.ia64.rpm
06a17eba99c63289a22ea54e6ade8b64  samba-swat-2.2.12-1.21as.1.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/samba-2.2.12-1.21as.1.src.rpm
e1220dc76372c90c46faa649cbba1ee6  samba-2.2.12-1.21as.1.src.rpm

i386:
6f81c1ecf8b0b0355ce70502e9a85326  samba-2.2.12-1.21as.1.i386.rpm
350ef1e72e4743b0be11603ee1f42cca  samba-client-2.2.12-1.21as.1.i386.rpm
ac6ae17ef6870ebbabd4817f1f90fcd9  samba-common-2.2.12-1.21as.1.i386.rpm
9988653768e2c954a9ccbe73ff67ed75  samba-swat-2.2.12-1.21as.1.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/samba-2.2.12-1.21as.1.src.rpm
e1220dc76372c90c46faa649cbba1ee6  samba-2.2.12-1.21as.1.src.rpm

i386:
6f81c1ecf8b0b0355ce70502e9a85326  samba-2.2.12-1.21as.1.i386.rpm
350ef1e72e4743b0be11603ee1f42cca  samba-client-2.2.12-1.21as.1.i386.rpm
ac6ae17ef6870ebbabd4817f1f90fcd9  samba-common-2.2.12-1.21as.1.i386.rpm
9988653768e2c954a9ccbe73ff67ed75  samba-swat-2.2.12-1.21as.1.i386.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/samba-3.0.7-1.3E.1.src.rpm
122c0bb27aac341fc37156dc94fc522e  samba-3.0.7-1.3E.1.src.rpm

i386:
0a6450f412492dff6b01562de975708d  samba-3.0.7-1.3E.1.i386.rpm
bfbacd051ca80500a34991d3dc9ca3ce  samba-client-3.0.7-1.3E.1.i386.rpm
370cf89a18b670160f51608041812c24  samba-common-3.0.7-1.3E.1.i386.rpm
f89375430ce2785a01cc4586d9689f5a  samba-swat-3.0.7-1.3E.1.i386.rpm

ia64:
e733b35d09659e19a1afcf10ab1ab7dc  samba-3.0.7-1.3E.1.ia64.rpm
0a6450f412492dff6b01562de975708d  samba-3.0.7-1.3E.1.i386.rpm
c02426d44e8bbdf625c6baa3b63f7f6c  samba-client-3.0.7-1.3E.1.ia64.rpm
0a37cd8c24c6f69bb1df0aab93467670  samba-common-3.0.7-1.3E.1.ia64.rpm
bf2bfb26e2bb0ccd7c66841214465655  samba-swat-3.0.7-1.3E.1.ia64.rpm

ppc:
0c2696dce74d906545781ecdeca858c7  samba-3.0.7-1.3E.1.ppc.rpm
585752b05ad3796f7fa614c06aed33c6  samba-client-3.0.7-1.3E.1.ppc.rpm
f75539c9db2405597957edf1b219a158  samba-common-3.0.7-1.3E.1.ppc.rpm
2318bcd405d8a884e437d905a31b2fc1  samba-swat-3.0.7-1.3E.1.ppc.rpm

ppc64:
e52f8991a6c1e6acb03a567f988019d7  samba-3.0.7-1.3E.1.ppc64.rpm

s390:
9da990f973c4b9cdf5c2ba67e571492f  samba-3.0.7-1.3E.1.s390.rpm
6c5535ee6419de2597e90d4b67651342  samba-client-3.0.7-1.3E.1.s390.rpm
58560ac1022642fcde78b34d9b765bd0  samba-common-3.0.7-1.3E.1.s390.rpm
70c2f0e373c3f3364420d413524bf18c  samba-swat-3.0.7-1.3E.1.s390.rpm

s390x:
a2d13a8f4ca6eefaa52cf69abb23223c  samba-3.0.7-1.3E.1.s390x.rpm
9da990f973c4b9cdf5c2ba67e571492f  samba-3.0.7-1.3E.1.s390.rpm
b0390f7081498b6f9a3570c3362de11f  samba-client-3.0.7-1.3E.1.s390x.rpm
23da9fd92b3c59c1e318a2a701494785  samba-common-3.0.7-1.3E.1.s390x.rpm
802db132f4ec3fe57a42884c1f20c487  samba-swat-3.0.7-1.3E.1.s390x.rpm

x86_64:
440a9ae7f707066f28f66b127f1b564c  samba-3.0.7-1.3E.1.x86_64.rpm
0a6450f412492dff6b01562de975708d  samba-3.0.7-1.3E.1.i386.rpm
fffa29e5873d2c188b34a720c8e73929  samba-client-3.0.7-1.3E.1.x86_64.rpm
26543f2db62357e8a9aebdbf1acf3274  samba-common-3.0.7-1.3E.1.x86_64.rpm
a699adf4b14ee22dea0d6a4d84e66f24  samba-swat-3.0.7-1.3E.1.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/samba-3.0.7-1.3E.1.src.rpm
122c0bb27aac341fc37156dc94fc522e  samba-3.0.7-1.3E.1.src.rpm

i386:
0a6450f412492dff6b01562de975708d  samba-3.0.7-1.3E.1.i386.rpm
bfbacd051ca80500a34991d3dc9ca3ce  samba-client-3.0.7-1.3E.1.i386.rpm
370cf89a18b670160f51608041812c24  samba-common-3.0.7-1.3E.1.i386.rpm
f89375430ce2785a01cc4586d9689f5a  samba-swat-3.0.7-1.3E.1.i386.rpm

x86_64:
440a9ae7f707066f28f66b127f1b564c  samba-3.0.7-1.3E.1.x86_64.rpm
0a6450f412492dff6b01562de975708d  samba-3.0.7-1.3E.1.i386.rpm
fffa29e5873d2c188b34a720c8e73929  samba-client-3.0.7-1.3E.1.x86_64.rpm
26543f2db62357e8a9aebdbf1acf3274  samba-common-3.0.7-1.3E.1.x86_64.rpm
a699adf4b14ee22dea0d6a4d84e66f24  samba-swat-3.0.7-1.3E.1.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/samba-3.0.7-1.3E.1.src.rpm
122c0bb27aac341fc37156dc94fc522e  samba-3.0.7-1.3E.1.src.rpm

i386:
0a6450f412492dff6b01562de975708d  samba-3.0.7-1.3E.1.i386.rpm
bfbacd051ca80500a34991d3dc9ca3ce  samba-client-3.0.7-1.3E.1.i386.rpm
370cf89a18b670160f51608041812c24  samba-common-3.0.7-1.3E.1.i386.rpm
f89375430ce2785a01cc4586d9689f5a  samba-swat-3.0.7-1.3E.1.i386.rpm

ia64:
e733b35d09659e19a1afcf10ab1ab7dc  samba-3.0.7-1.3E.1.ia64.rpm
0a6450f412492dff6b01562de975708d  samba-3.0.7-1.3E.1.i386.rpm
c02426d44e8bbdf625c6baa3b63f7f6c  samba-client-3.0.7-1.3E.1.ia64.rpm
0a37cd8c24c6f69bb1df0aab93467670  samba-common-3.0.7-1.3E.1.ia64.rpm
bf2bfb26e2bb0ccd7c66841214465655  samba-swat-3.0.7-1.3E.1.ia64.rpm

x86_64:
440a9ae7f707066f28f66b127f1b564c  samba-3.0.7-1.3E.1.x86_64.rpm
0a6450f412492dff6b01562de975708d  samba-3.0.7-1.3E.1.i386.rpm
fffa29e5873d2c188b34a720c8e73929  samba-client-3.0.7-1.3E.1.x86_64.rpm
26543f2db62357e8a9aebdbf1acf3274  samba-common-3.0.7-1.3E.1.x86_64.rpm
a699adf4b14ee22dea0d6a4d84e66f24  samba-swat-3.0.7-1.3E.1.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/samba-3.0.7-1.3E.1.src.rpm
122c0bb27aac341fc37156dc94fc522e  samba-3.0.7-1.3E.1.src.rpm

i386:
0a6450f412492dff6b01562de975708d  samba-3.0.7-1.3E.1.i386.rpm
bfbacd051ca80500a34991d3dc9ca3ce  samba-client-3.0.7-1.3E.1.i386.rpm
370cf89a18b670160f51608041812c24  samba-common-3.0.7-1.3E.1.i386.rpm
f89375430ce2785a01cc4586d9689f5a  samba-swat-3.0.7-1.3E.1.i386.rpm

ia64:
e733b35d09659e19a1afcf10ab1ab7dc  samba-3.0.7-1.3E.1.ia64.rpm
0a6450f412492dff6b01562de975708d  samba-3.0.7-1.3E.1.i386.rpm
c02426d44e8bbdf625c6baa3b63f7f6c  samba-client-3.0.7-1.3E.1.ia64.rpm
0a37cd8c24c6f69bb1df0aab93467670  samba-common-3.0.7-1.3E.1.ia64.rpm
bf2bfb26e2bb0ccd7c66841214465655  samba-swat-3.0.7-1.3E.1.ia64.rpm

x86_64:
440a9ae7f707066f28f66b127f1b564c  samba-3.0.7-1.3E.1.x86_64.rpm
0a6450f412492dff6b01562de975708d  samba-3.0.7-1.3E.1.i386.rpm
fffa29e5873d2c188b34a720c8e73929  samba-client-3.0.7-1.3E.1.x86_64.rpm
26543f2db62357e8a9aebdbf1acf3274  samba-common-3.0.7-1.3E.1.x86_64.rpm
a699adf4b14ee22dea0d6a4d84e66f24  samba-swat-3.0.7-1.3E.1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key.html#package
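The checks below are an added example for this bulletin; they are not part of
Red Hat's advisory and not the rpm or up2date tooling. They cover the two
things an administrator actually does with sections 4 and 6 of an errata:
confirm that a downloaded RPM matches the MD5 digest published above, and
decide from the output of "rpm -q samba" whether the installed package is at
or above the fixed version-release (samba-3.0.7-1.3E.1 on Enterprise Linux 3
and Desktop 3, samba-2.2.12-1.21as.1 on Enterprise Linux 2.1 and Advanced
Workstation 2.1). The version ordering re-implements rpm's rpmvercmp rules so
the answer does not depend on plain string order ("3.0.12" is newer than
"3.0.8", not older). The manifest excerpt and the sample "rpm -q" output are
constructed for the example, and the assumption that no package Epoch is
involved is this example's, not the advisory's. One caveat the advisory
implies but does not spell out: Exec-Shield only reduces the impact of
CAN-2004-0882 on x86, and does nothing for CAN-2004-0930 or for the ia64,
ppc, s390 and x86_64 builds listed in section 2, so the package version is
the check that matters on every platform.

```python
"""Offline checks for the update in RHSA-2004:632 (added example, not Red Hat code).

1. parse_manifest / verify_blob : check a downloaded RPM against the
   "md5sum  filename" lines published in section 6 of the advisory.
2. rpmvercmp / is_fixed         : decide whether an installed samba package
   is at or above the fixed version-release, using rpm's comparison rules.
"""
import hashlib
import re

# Fixed package per product line, taken from section 6 of the advisory.
# Assumption (this example's, not the advisory's): no Epoch is involved.
FIXED_NVR = {
    "3":   "samba-3.0.7-1.3E.1",     # RHEL AS/ES/WS 3, Red Hat Desktop 3
    "2.1": "samba-2.2.12-1.21as.1",  # RHEL AS/ES/WS 2.1, Advanced Workstation 2.1
}

# Constructed excerpt in the advisory's section-6 format (digests copied from it).
MANIFEST = """\
0a6450f412492dff6b01562de975708d  samba-3.0.7-1.3E.1.i386.rpm
6f81c1ecf8b0b0355ce70502e9a85326  samba-2.2.12-1.21as.1.i386.rpm
"""

_LINE = re.compile(r"^([0-9a-f]{32})\s+(\S+\.rpm)$")


def parse_manifest(text):
    """Map filename -> md5 hex digest from '<md5>  <file>' lines; other lines are ignored."""
    entries = {}
    for line in text.splitlines():
        m = _LINE.match(line.strip())
        if m:
            entries[m.group(2)] = m.group(1)
    return entries


def verify_blob(filename, data, manifest):
    """True if md5(data) equals the manifest entry for filename.

    This is a download-integrity check only: MD5 is what the 2004 advisory
    published, and it proves nothing about origin.  Authenticity comes from
    Red Hat's GPG signature on the RPM (rpm --checksig), not from this digest.
    """
    expected = manifest.get(filename)
    return expected is not None and hashlib.md5(data).hexdigest() == expected


def _run(s, i, pred):
    """Longest prefix of s[i:] whose characters satisfy pred."""
    j = i
    while j < len(s) and pred(s[j]):
        j += 1
    return s[i:j]


def rpmvercmp(a, b):
    """Compare two version (or release) strings the way rpm does: -1, 0 or 1.

    Segments are runs of digits or of letters, separators are skipped,
    numeric segments compare as numbers (leading zeros dropped) and a
    numeric segment beats an alphabetic one at the same position.
    """
    if a == b:
        return 0
    i = j = 0
    while i < len(a) or j < len(b):
        while i < len(a) and not a[i].isalnum():
            i += 1
        while j < len(b) and not b[j].isalnum():
            j += 1
        if i >= len(a) or j >= len(b):
            break
        if a[i].isdigit():
            sa, sb, isnum = _run(a, i, str.isdigit), _run(b, j, str.isdigit), True
        else:
            sa, sb, isnum = _run(a, i, str.isalpha), _run(b, j, str.isalpha), False
        i += len(sa)
        j += len(sb)
        if not sb:                      # digit run vs letter run at this position
            return 1 if isnum else -1
        if isnum:
            sa, sb = sa.lstrip("0"), sb.lstrip("0")
            if len(sa) != len(sb):      # the longer number is the larger one
                return 1 if len(sa) > len(sb) else -1
        if sa != sb:                    # same length: lexical order decides
            return 1 if sa > sb else -1
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1     # whichever still has segments is newer


def split_nvr(nvr):
    """'samba-3.0.7-1.3E.1' -> ('samba', '3.0.7', '1.3E.1'), as printed by rpm -q."""
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release


def is_fixed(installed_nvr, rhel_major):
    """True if the installed samba package is at or above the errata's package."""
    fixed = FIXED_NVR[rhel_major]
    n_i, v_i, r_i = split_nvr(installed_nvr)
    n_f, v_f, r_f = split_nvr(fixed)
    if n_i != n_f:
        raise ValueError("expected %s, got %s" % (n_f, n_i))
    return (rpmvercmp(v_i, v_f) or rpmvercmp(r_i, r_f)) >= 0


if __name__ == "__main__":
    # Constructed 'rpm -q samba' output from a RHEL 3 host that has not applied the errata.
    print(is_fixed("samba-3.0.7-1.3E", "3"))
    print(verify_blob("samba-3.0.7-1.3E.1.i386.rpm", b"not the real rpm",
                      parse_manifest(MANIFEST)))
```

On a real host, feed is_fixed() the line printed by "rpm -q samba" and run
"rpm --checksig" on the downloaded file before installing it; the MD5 match
tells you the download is the file Red Hat listed, the GPG check tells you
Red Hat built it.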

7. References:

http://www.samba.org/samba/history/samba-3.0.9.html
http://www.redhat.com/f/pdf/rhel/WHP0006US_Execshield.pdf
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0882
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0930

8. Contact:

The Red Hat security contact is <secalert@redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact.html

Copyright 2004 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD4DBQFBmjyQXlSAg2UNWIIRAjTjAJ9gxGmxk1Sl5CK8mD5e9bZ8hGut4QCXXAom
Ixd6MJT0aGqbMTB+Qd7d0Q==
=HYSg
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQCVAwUBQZqeNSh9+71yA2DNAQKY1QP/dx/5IHBjVNJldpT6dnHfkDiiKoWllkJn
vmUn/ZxYGl31JqDNx+jx1cedgMl3oHYftIvbDdk2t8BUcywAoQ4Ct9mi/TFssMyq
/nX41MZLZzNMmVYcNe3bWDOT+xWrxG4uwHKa3N6zFESvimXbqpuPXoSYuqZs+1n7
X8PaXHfO8Yc=
=CUDO
-----END PGP SIGNATURE-----