Immunix Secured OS 7+ samba update

From: Immunix Security Team (securityat_private)
Date: Mon Apr 07 2003 - 11:39:07 PDT

Next message: Martin Schulze: "[SECURITY] [DSA 280-1] New samba packages fix remote root exploit"

Previous message: Immunix Security Team: "[Immunix-announce] Immunix Secured OS 7+ cvs update"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

-----------------------------------------------------------------------
	Immunix Secured OS Security Advisory

Packages updated:	samba
Affected products:	ImmunixOS 7.0, 7+
Bugs fixed:		CAN-2003-0201
Date:			Mon Apr  7 2003
Advisory ID:		IMNX-2003-7+-006-01
Author:			Seth Arnold <sarnoldat_private>
-----------------------------------------------------------------------

Description:
  Digital Defense found an actively-exploited samba static-buffer
  overflow on a honeypot system. They figured out the vulnerable section
  of code and alerted the Samba team, who found some additional bugs
  while fixing this bug.

  In samba version 2.0.10, this buffer is located on the heap, so
  StackGuard does not provide protection for this buffer overflow.
  There are actively-used samba 2.2 exploits that allow remote anonymous
  users to gain local root privileges. The samba 2.2 exploit analyzed by
  Digital Defense used a statically allocated buffer. While we do not
  know of any exploits against the 2.0.10 version, it may be possible
  to re-write the exploit in use to attack the heap-based buffer in
  samba 2.0.10. We recommend upgrading.

  Please note this is different from (and includes the fixes from)
  IMNX-2003-7+-003-01, which addressed different samba security flaws.
  
  References:
  http://www.securityfocus.com/archive/1/317615/2003-04-04/2003-04-10/0

Package names and locations:
  Precompiled binary packages for Immunix 7+ are available at:
  http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/samba-2.0.10-2_imnx_3.i386.rpm
  http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/samba-client-2.0.10-2_imnx_3.i386.rpm
  http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/samba-common-2.0.10-2_imnx_3.i386.rpm

Immunix OS 7+ md5sums:
  13b41eeaf5ef6d018554fab4ae4958bc  samba-2.0.10-2_imnx_3.i386.rpm
  bbfeb9255328a8e73790f390aa7afb9f  samba-client-2.0.10-2_imnx_3.i386.rpm
  feeb2e9d872f5bdc01c44ee125f0170c  samba-common-2.0.10-2_imnx_3.i386.rpm
  ffa5900e389ed12620ec72bd4fdf5c15  samba-2.0.10-2_imnx_3.src.rpm


GPG verification:                                                               
  Our public key is available at <http://wirex.com/security/GPG_KEY>.           

NOTE:
  Ibiblio is graciously mirroring our updates, so if the links above are
  slow, please try:
    ftp://ftp.ibiblio.org/pub/Linux/distributions/immunix/
  or one of the many mirrors available at:
    http://www.ibiblio.org/pub/Linux/MIRRORS.html

  ImmunixOS 6.2 is no longer officially supported.
  ImmunixOS 7.0 is no longer officially supported.

Contact information:
  To report vulnerabilities, please contact securityat_private WireX 
  attempts to conform to the RFP vulnerability disclosure protocol
  <http://www.wiretrip.net/rfp/policy.html>.

application/pgp-signature attachment: stored

Next message: Martin Schulze: "[SECURITY] [DSA 280-1] New samba packages fix remote root exploit"
Previous message: Immunix Security Team: "[Immunix-announce] Immunix Secured OS 7+ cvs update"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Apr 07 2003 - 13:12:30 PDT