Security Update: [CSSA-2003-017.0] OpenLinux: Various serious Samba vulnerabilities

From: securityat_private
Date: Fri May 02 2003 - 14:18:42 PDT

Next message: David F. Madrid: "Crash in Internet Explorer 6.0 Sp1"

Previous message: Dennis Rand: "Multiple Buffer Overflow Vulnerabilities Found in FTGate Pro Mail Server v. 1.22 (1328)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

To: bugtraqat_private announceat_private security-alertsat_private


______________________________________________________________________________

			SCO Security Advisory

Subject:		OpenLinux: Various serious Samba vulnerabilities
Advisory number: 	CSSA-2003-017.0
Issue date: 		2003 May 02
Cross reference:
______________________________________________________________________________


1. Problem Description

	This update addresses the following Samba issues:

	A bug in the length checking for encrypted password change
	requests from clients could be exploited using a buffer
	overrun attack on the smbd stack.

	A vulnerability that could lead to an anonymous user gaining
	root access on a Samba serving system.

	A chown race condition that could allow overwriting of
	critical system files if exploited.

	A buffer overflow in the call_trans2open function in trans2.c
	allows remote attackers to execute arbitrary code.

	Multiple buffer overflows that may allow remote attackers to
	execute arbitrary code or cause a denial of service.


2. Vulnerable Supported Versions

	System				Package
	----------------------------------------------------------------------

	OpenLinux 3.1.1 Server		prior to libsmbclient-2.2.2-7.i386.rpm
					prior to samba-2.2.2-7.i386.rpm
					prior to samba-doc-2.2.2-7.i386.rpm
					prior to smbfs-2.2.2-7.i386.rpm
					prior to swat-2.2.2-7.i386.rpm

	OpenLinux 3.1.1 Workstation	prior to libsmbclient-2.2.2-7.i386.rpm
					prior to samba-2.2.2-7.i386.rpm
					prior to samba-doc-2.2.2-7.i386.rpm
					prior to smbfs-2.2.2-7.i386.rpm
					prior to swat-2.2.2-7.i386.rpm


3. Solution

	The proper solution is to install the latest packages. Many
	customers find it easier to use the Caldera System Updater, called
	cupdate (or kcupdate under the KDE environment), to update these
	packages rather than downloading and installing them by hand.


4. OpenLinux 3.1.1 Server

	4.1 Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-017.0/RPMS

	4.2 Packages

	a4f667678f6a3c283491ae04480625d6	libsmbclient-2.2.2-7.i386.rpm
	8c95e0b81771bb703e08937125e8c9bf	samba-2.2.2-7.i386.rpm
	2a590b5458186279fd3bb17bb87c5af3	samba-doc-2.2.2-7.i386.rpm
	fcabaf8b0567ed5faad0e2fe8e206f92	smbfs-2.2.2-7.i386.rpm
	bd13c1771c2267549916f3afb60ad019	swat-2.2.2-7.i386.rpm

	4.3 Installation

	rpm -Fvh libsmbclient-2.2.2-7.i386.rpm
	rpm -Fvh samba-2.2.2-7.i386.rpm
	rpm -Fvh samba-doc-2.2.2-7.i386.rpm
	rpm -Fvh smbfs-2.2.2-7.i386.rpm
	rpm -Fvh swat-2.2.2-7.i386.rpm

	4.4 Source Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-017.0/SRPMS

	4.5 Source Packages

	403ddcea6384a309768066e06941a68f	samba-2.2.2-7.src.rpm


5. OpenLinux 3.1.1 Workstation

	5.1 Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-017.0/RPMS

	5.2 Packages

	c04cb8377d18180c6b914ed9d0d1d4e3	libsmbclient-2.2.2-7.i386.rpm
	aad7fa4db863931a9c57b8720e17cbb6	samba-2.2.2-7.i386.rpm
	be052cbf6e77f05ad1cbc7fba57be7bd	samba-doc-2.2.2-7.i386.rpm
	4bf70f287baf74e47ef5cff351a7a740	smbfs-2.2.2-7.i386.rpm
	906d1705b64767cd774e29287b5ab437	swat-2.2.2-7.i386.rpm

	5.3 Installation

	rpm -Fvh libsmbclient-2.2.2-7.i386.rpm
	rpm -Fvh samba-2.2.2-7.i386.rpm
	rpm -Fvh samba-doc-2.2.2-7.i386.rpm
	rpm -Fvh smbfs-2.2.2-7.i386.rpm
	rpm -Fvh swat-2.2.2-7.i386.rpm

	5.4 Source Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-017.0/SRPMS

	5.5 Source Packages

	21c0df3f652692c3db10dd5783e78e93	samba-2.2.2-7.src.rpm


6. References

	Specific references for this advisory:

		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1318
		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0085
		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0086
		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0196
		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0201

	SCO security resources:

		http://www.sco.com/support/security/index.html

	This security fix closes SCO incidents sr876764, sr875830,
	sr872195, fz527679, fz527532, fz526744, erg712283, erg712263,
	erg712169.


7. Disclaimer

	SCO is not responsible for the misuse of any of the information
	we provide on this website and/or through our security
	advisories. Our advisories are a service to our customers intended
	to promote secure installation and use of SCO products.


8. Acknowledgements

	Steve Langasek (Debian), Sebastian Krahmer (SuSE), and Digital
	Defense Inc. discovered and researched these vulnerabilities.

______________________________________________________________________________

application/pgp-signature attachment: stored

Next message: David F. Madrid: "Crash in Internet Explorer 6.0 Sp1"
Previous message: Dennis Rand: "Multiple Buffer Overflow Vulnerabilities Found in FTGate Pro Mail Server v. 1.22 (1328)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue May 06 2003 - 08:57:15 PDT