Bugtraq mailing list archives

Immunix Secured OS 7+ samba update

From: Immunix Security Team <security () wirex com>
Date: Mon, 7 Apr 2003 11:39:07 -0700

-----------------------------------------------------------------------
        Immunix Secured OS Security Advisory

Packages updated:       samba
Affected products:      ImmunixOS 7.0, 7+
Bugs fixed:             CAN-2003-0201
Date:                   Mon Apr  7 2003
Advisory ID:            IMNX-2003-7+-006-01
Author:                 Seth Arnold <sarnold () wirex com>
-----------------------------------------------------------------------

Description:
  Digital Defense found an actively-exploited samba static-buffer
  overflow on a honeypot system. They figured out the vulnerable section
  of code and alerted the Samba team, who found some additional bugs
  while fixing this bug.

  In samba version 2.0.10, this buffer is located on the heap, so
  StackGuard does not provide protection for this buffer overflow.
  There are actively-used samba 2.2 exploits that allow remote anonymous
  users to gain local root privileges. The samba 2.2 exploit analyzed by
  Digital Defense used a statically allocated buffer. While we do not
  know of any exploits against the 2.0.10 version, it may be possible
  to re-write the exploit in use to attack the heap-based buffer in
  samba 2.0.10. We recommend upgrading.

  Please note this is different from (and includes the fixes from)
  IMNX-2003-7+-003-01, which addressed different samba security flaws.
  
  References:
  http://www.securityfocus.com/archive/1/317615/2003-04-04/2003-04-10/0

Package names and locations:
  Precompiled binary packages for Immunix 7+ are available at:
  http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/samba-2.0.10-2_imnx_3.i386.rpm
  http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/samba-client-2.0.10-2_imnx_3.i386.rpm
  http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/samba-common-2.0.10-2_imnx_3.i386.rpm

Immunix OS 7+ md5sums:
  13b41eeaf5ef6d018554fab4ae4958bc  samba-2.0.10-2_imnx_3.i386.rpm
  bbfeb9255328a8e73790f390aa7afb9f  samba-client-2.0.10-2_imnx_3.i386.rpm
  feeb2e9d872f5bdc01c44ee125f0170c  samba-common-2.0.10-2_imnx_3.i386.rpm
  ffa5900e389ed12620ec72bd4fdf5c15  samba-2.0.10-2_imnx_3.src.rpm


GPG verification:                                                               
  Our public key is available at <http://wirex.com/security/GPG_KEY>.           

NOTE:
  Ibiblio is graciously mirroring our updates, so if the links above are
  slow, please try:
    ftp://ftp.ibiblio.org/pub/Linux/distributions/immunix/
  or one of the many mirrors available at:
    http://www.ibiblio.org/pub/Linux/MIRRORS.html

  ImmunixOS 6.2 is no longer officially supported.
  ImmunixOS 7.0 is no longer officially supported.

Contact information:
  To report vulnerabilities, please contact security () wirex com. WireX 
  attempts to conform to the RFP vulnerability disclosure protocol
  <http://www.wiretrip.net/rfp/policy.html>.

Attachment: _bin
Description:

Current thread:

Immunix Secured OS 7+ samba update Immunix Security Team (Apr 01)
- <Possible follow-ups>
- Immunix Secured OS 7+ samba update Immunix Security Team (Apr 07)