-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - -------------------------------------------------------------------- GENTOO LINUX SECURITY ANNOUNCEMENT 200211-007 - - -------------------------------------------------------------------- PACKAGE : samba SUMMARY : remote root access DATE : 2002-11-21 09:11 UTC EXPLOIT : remote - - -------------------------------------------------------------------- - From 2.2.7 release notes: There was a bug in the length checking for encrypted password change requests from clients. A client could potentially send an encrypted password, which, when decrypted with the old hashed password could be used as a buffer overrun attack on the stack of smbd. The attach would have to be crafted such that converting a DOS codepage string to little endian UCS2 unicode would translate into an executable block of code. Read the full release notes at http://se.samba.org/samba/whatsnew/samba-2.2.7.html SOLUTION It is recommended that all Gentoo Linux users who are running net-fs/samba-2.2.5-r1 and earlier update their systems as follows: emerge rsync emerge samba emerge clean - - -------------------------------------------------------------------- alizat_private - GnuPG key is available at www.gentoo.org/~aliz woodchipat_private - - -------------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE93KKCfT7nyhUpoZMRAoZeAKCb7Jdu+glo0BIN3wq4+cDSbmQLKACgnbaY 2+7FwJUYxYALLzhRpckJuNE= =PWpJ -----END PGP SIGNATURE-----
This archive was generated by hypermail 2b30 : Sat Nov 23 2002 - 04:43:38 PST