Australia's Leading Computer Emergency Response Team

ESB-2005.0262 -- Debian Security Advisory DSA 701-1 -- New samba packages fix arbitrary code execution
Date: 01 April 2005
Original URL:
References: ESB-2004.0782  AU-2005.0010  

Click here for PGP verifiable version
Hash: SHA1

             AUSCERT External Security Bulletin Redistribution

            ESB-2005.0262 -- Debian Security Advisory DSA 701-1
              New samba packages fix arbitrary code execution
                               1 April 2005


        AusCERT Security Bulletin Summary

Product:           samba
Publisher:         Debian
Operating System:  Debian GNU/Linux 3.0
Impact:            Root Compromise
                   Execute Arbitrary Code/Commands
Access:            Existing Account
CVE Names:         CAN-2004-1154

Ref:               ESB-2004.0782

Original Bulletin:

- --------------------------BEGIN INCLUDED TEXT--------------------

Hash: SHA1

- - --------------------------------------------------------------------------
Debian Security Advisory DSA 701-1                                        Martin Schulze
March 31st, 2005              
- - --------------------------------------------------------------------------

Package        : samba
Vulnerability  : integer overflows
Problem-Type   : remote
Debian-specific: no
CVE ID         : CAN-2004-1154
CERT advisory  : VU#226184

Greg MacManus discovered an integer overflow in the smb daemon from
Samba, a LanManager like file and printer server for GNU/Linux and
Unix-like systems.  Requesting a very large number of access control
descriptors from the server could exploit the integer overflow, which
may result in a buffer overflow which could lead to the execution of
arbitrary code with root privileges.  Upstream developers have
discovered more possible integer overflows that are fixed with this
update as well.

For the stable distribution (woody) these problems have been fixed in
version 2.2.3a-14.2.

For the unstable distribution (sid) these problems have been fixed in
version 3.0.10-1.

We recommend that you upgrade your samba packages.

Upgrade Instructions
- - --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody
- - --------------------------------

  Source archives:
      Size/MD5 checksum:      775 ed6d755e8e623a887796b1f483c09769
      Size/MD5 checksum:   130208 cc39bb74c7553dda203d51f6d8c14aa3
      Size/MD5 checksum:  5460531 b6ec2f076af69331535a82b586f55254

  Architecture independent components:
      Size/MD5 checksum:  2447006 abf6acd83baeb484d105c8eb1101543b

  Alpha architecture:
      Size/MD5 checksum:   416676 a860eb37f223fd04606640f40b9a6f0d
      Size/MD5 checksum:   490074 e6946b652f61379f406bc9685f765a11
      Size/MD5 checksum:   601880 bae5a3ac952faa460d8ca4952a8cd401
      Size/MD5 checksum:  2963048 6860982e4f08926c032d28b2614de9eb
      Size/MD5 checksum:  1132586 f422f96231a49f8798e23799773b1913
      Size/MD5 checksum:  1159098 2974f164602da70553a48bb5f33c453f
      Size/MD5 checksum:   952040 108b244edced3569e81ceac4cca464d8
      Size/MD5 checksum:   624342 cfa17afeef989729921d2054ff35e2d0
      Size/MD5 checksum:  1108844 012f203692a25c6ffe3c22f823283423

  ARM architecture:
      Size/MD5 checksum:   397606 e3e807c7cf17368ce1b8dd42ec7d6164
      Size/MD5 checksum:   462146 b715f738b9317243e4fc12cd62fd2396
      Size/MD5 checksum:   548352 5e2a59f8dbb9b9a89416711ef8f7668a
      Size/MD5 checksum:  2557662 3f53c5016e17d7f88e18b8e71b104aa9
      Size/MD5 checksum:  1024318 14d245cf77b2f09f8568b3111f45bb53
      Size/MD5 checksum:  1004756 71f0152421a3ae144c4c1d954a8e968a
      Size/MD5 checksum:   833412 6174eb2e44fad3021e741c18cf400d79
      Size/MD5 checksum:   558488 d991ee85af61b00eba644c1066f25d84
      Size/MD5 checksum:   976166 b0707e5ce8801cd072ebac9c991e9997

  Intel IA-32 architecture:
      Size/MD5 checksum:   389290 889828ac5a057bf25dc3cb7113a9380d
      Size/MD5 checksum:   446478 ed692d3f99e5d7dc2c7e7410c8130c64
      Size/MD5 checksum:   500178 9a79ce62bafb3406d3e72d7ddde7fb86
      Size/MD5 checksum:  2421974 6c6b944883a8fbee61f7408ff37ba8d1
      Size/MD5 checksum:   993612 62aab90749ffb236184542883c55e725
      Size/MD5 checksum:   955560 906eaca395641f209b0fe337217db70b
      Size/MD5 checksum:   794860 163e9b00151866c4b810b7c9e4438e52
      Size/MD5 checksum:   535812 3aa901020246a2485e62e0ede3c6634a
      Size/MD5 checksum:   932022 20cd8457fdfbf90108b15369a31d837f

  Intel IA-64 architecture:
      Size/MD5 checksum:   462676 540dace1a60b0e5cfba97e8866c23a7f
      Size/MD5 checksum:   554712 bd471871155707af98c5b464520a5210
      Size/MD5 checksum:   626242 5d3b0f59069be1e3802a4f43e76cf6f5
      Size/MD5 checksum:  3495238 b45f2ce637e094b1017027df16d00616
      Size/MD5 checksum:  1250614 80d39f2455e74a45b11c854739c08776
      Size/MD5 checksum:  1332568 f52feeb16a80fb9a7919245f3c1356eb
      Size/MD5 checksum:  1100422 157d2efbf4cbb2c8b1b9e1582159be7d
      Size/MD5 checksum:   696270 d03bd295dbfefd9d01510482f92f6e41
      Size/MD5 checksum:  1283854 7b50b300c3613c5ba444c2f24e1ac292

  HP Precision architecture:
      Size/MD5 checksum:   420536 2d65dcc7d03aa1a543e2502a84d786cc
      Size/MD5 checksum:   491894 dc029fc8dd9e0064f4df562eba62e562
      Size/MD5 checksum:   590552 810af1ee8bfe5f6b1ac5587bdceb6b7d
      Size/MD5 checksum:  2798038 cdb68b3c7e2d6729dddb8700cc433690
      Size/MD5 checksum:  1082366 cfc5500a166c1f4e230442fd280b5c04
      Size/MD5 checksum:  1087188 7ba92ad1f99751f1c9f90a9dbd19bd01
      Size/MD5 checksum:   903314 8cc3d7d91b09cffe2ff51476839db369
      Size/MD5 checksum:   590724 e3ad49e185067df013a4fef46a3ee828
      Size/MD5 checksum:  1062004 26531112552c087dadfd7ffc280df23b

  Motorola 680x0 architecture:
      Size/MD5 checksum:   399726 00f799e82545d582d860f46bf10dea70
      Size/MD5 checksum:   461030 a10f03d2fe355df7e797828fe962c800
      Size/MD5 checksum:   505888 591cfb5ebcd6e2dbb68eb948603717aa
      Size/MD5 checksum:  2367100 308996ff251844dd3f0a5fded2a35433
      Size/MD5 checksum:   983814 47b877e8763494e2b00c874095a78a5b
      Size/MD5 checksum:   939616 d19790091af32a60c3e7ee6e0af6a905
      Size/MD5 checksum:   791634 2754a51d35a1cf9398bd1bab50b5ae1b
      Size/MD5 checksum:   525696 9ceb78d6498c3d27cfa4d87b2f379a0a
      Size/MD5 checksum:   933810 2efa93cceb0a3acda77fb0e6e2e6314f

  Big endian MIPS architecture:
      Size/MD5 checksum:   396722 34fb219c9fe830264cdf52c7a0f3b1ab
      Size/MD5 checksum:   460120 57dba7ccba6755517cfc58b4dea07979
      Size/MD5 checksum:   570634 39cdf8befd87163e0e9c52abb6c8b6ce
      Size/MD5 checksum:  2808398 ce1a6d37dab949fb7724aa9faca655dc
      Size/MD5 checksum:  1080004 a2166427424924afc7ded093a42bc01b
      Size/MD5 checksum:  1089938 b0ef5f7ff9cf948c5d2a1fa09780d563
      Size/MD5 checksum:   912144 d4cd215c563ac74d5240dda768f46503
      Size/MD5 checksum:   581964 190062657bbc945d78c731c06b3a897c
      Size/MD5 checksum:  1030284 50054e577b25f48e575f9e83ca41ce0b

  Little endian MIPS architecture:
      Size/MD5 checksum:   392796 c5dc7710c31eceadf0d46f0b40b06809
      Size/MD5 checksum:   454590 318da06daca89d1155c7e5c9b3c93b43
      Size/MD5 checksum:   563800 402e3326d8bd634e15bf1c1a9c4c644a
      Size/MD5 checksum:  2771130 ba9ab77b83292afa7538852f5a868d19
      Size/MD5 checksum:  1073534 b3d8482b87dc1ac20eb4461c9595182c
      Size/MD5 checksum:  1078464 80bc11245b63d47f2e5dba17ce622e59
      Size/MD5 checksum:   899430 27ecacc2e46f7c38b36cd52019b7820c
      Size/MD5 checksum:   577708 60fe284f98cb7a3c18a1918a52ab4dc9
      Size/MD5 checksum:  1017342 75881b6098d79160a85b5b3b0f878011

  PowerPC architecture:
      Size/MD5 checksum:   409336 174f6cfef8574bcc282c7d7cd665770b
      Size/MD5 checksum:   476594 cec7d028024104714af7f7bbdd3668d5
      Size/MD5 checksum:   547480 d7b88a2a152ef39a6f23dbc8ac46d690
      Size/MD5 checksum:  2610996 31eed1691e75a8bbe22187be00f0a14b
      Size/MD5 checksum:  1038260 35d3029a6457c37a8c3a4e4bcd9341ef
      Size/MD5 checksum:  1023524 0526ddd483d09d191c8ddcda9185d0bf
      Size/MD5 checksum:   853602 d5e2a9c4bbec328154d1a08c56f93904
      Size/MD5 checksum:   561486 5626087bf9267d858e0289aee1405a77
      Size/MD5 checksum:  1003532 da00f6f7a477e1a52ba18a335aa127f6

  IBM S/390 architecture:
      Size/MD5 checksum:   404072 b52d6ae5e77777addefd28c58c4a6fe9
      Size/MD5 checksum:   470950 d3385a09944ad94781b880a1d80c9ac6
      Size/MD5 checksum:   527804 27fd260c9398154514e8a70177ce055a
      Size/MD5 checksum:  2501754 6be4ff7189917615125c40e3ee631eef
      Size/MD5 checksum:  1008760 4c6651d64c3c4a9ec8916af1e91e9fb1
      Size/MD5 checksum:   984848 637babef496afe73603eef16112486f4
      Size/MD5 checksum:   835314 efde15896957552cdd76308c9ad2dab2
      Size/MD5 checksum:   538650 b5a655c7d4bec50cdc087c232b9244b6
      Size/MD5 checksum:   967484 4827ac06c204098d224e5f0e88ffc24d

  Sun Sparc architecture:
      Size/MD5 checksum:   401274 61e2ad2290e32ce5aee5c0967563a332
      Size/MD5 checksum:   462188 1e3ef6dd9583ba51c55c87c4f94444d3
      Size/MD5 checksum:   525132 4c2116ac5547fbd4cb7f7a7024ac5d43
      Size/MD5 checksum:  2517230 ba9adc956c8403f54301e0d0cee3d558
      Size/MD5 checksum:  1012856 d1343c98d143e18116f33539fcdd6acd
      Size/MD5 checksum:   987080 ede9dd55c713256a520f1c27fc75d96a
      Size/MD5 checksum:   830820 c3efc54482ca48b1cbab74a8ad6bb252
      Size/MD5 checksum:   544688 65292ae729bb008692ed4b6c4544e995
      Size/MD5 checksum:   967778 668c6be5dce7c832db6db69d57dcd881

  These files will probably be moved into the stable distribution on
  its next update.

- - ---------------------------------------------------------------------------------
For apt-get: deb stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list:
Package info: `apt-cache show <pkg>' and<pkg>

Version: GnuPG v1.4.0 (GNU/Linux)


- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

Australian Computer Emergency Response Team
The University of Queensland
Qld 4072

Internet Email:
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.