[opensuse-security] SUSE Security Announcement: samba (SUSE-SA:2007:068)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SUSE Security Announcement
Package: samba
Announcement ID: SUSE-SA:2007:068
Date: Wed, 12 Dec 2007 09:00:00 +0000
Affected Products: SUSE LINUX 10.0
SUSE LINUX 10.1
openSUSE 10.2
openSUSE 10.3
UnitedLinux 1.0
SuSE Linux Enterprise Server 8
SuSE Linux Openexchange Server 4
SuSE Linux Desktop 1.0
SuSE Linux Standard Server 8
SuSE Linux School Server
SUSE LINUX Retail Solution 8
SUSE SLES 9
Novell Linux Desktop 9
Open Enterprise Server
Novell Linux POS 9
SUSE Linux Enterprise Desktop 10 SP1
SLE SDK 10 SP1
SUSE Linux Enterprise Server 10 SP1
Vulnerability Type: remote code execution
Severity (1-10): 7
SUSE Default Package: no
Cross-References: CVE-2007-6015
Content of This Advisory:
1) Security Vulnerability Resolved:
buffer overflow fixed in send_mailslot()
Problem Description
2) Solution or Work-Around
3) Special Instructions and Notes
4) Package Location and Checksums
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
none
6) Authenticity Verification and Additional Information
______________________________________________________________________________
1) Problem Description and Brief Discussion
The Samba suite is an open-source implementatin of the SMB protocol.
This update of samba fixes a buffer overflow in function send_mailslot()
that allows remote attackers to overwrite the stack with 0 (via memset(3))
by sending specially crafted SAMLOGON packets.
This bug can only be triggered if option "domain logon" is enabled.
2) Solution or Work-Around
Please install the update.
3) Special Instructions and Notes
restart the samba daemon
4) Package Location and Checksums
The preferred method for installing security updates is to use the YaST
Online Update (YOU) tool. YOU detects which updates are required and
automatically performs the necessary steps to verify and install them.
Alternatively, download the update packages for your distribution manually
and verify their integrity by the methods listed in Section 6 of this
announcement. Then install the packages using the command
rpm -Fhv
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Wednesday 2007-12-12 at 09:53 +0100, Thomas Biege wrote:
SUSE Security Announcement
Package: samba Announcement ID: SUSE-SA:2007:068 Date: Wed, 12 Dec 2007 09:00:00 +0000 Affected Products: SUSE LINUX 10.0 SUSE LINUX 10.1 openSUSE 10.2 openSUSE 10.3
...
1) Problem Description and Brief Discussion
The Samba suite is an open-source implementatin of the SMB protocol. This update of samba fixes a buffer overflow in function send_mailslot() that allows remote attackers to overwrite the stack with 0 (via memset(3)) by sending specially crafted SAMLOGON packets.
This bug can only be triggered if option "domain logon" is enabled.
Does this one solve the core dump and crash problem caused by the previous update? - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4-svn0 (GNU/Linux) iD8DBQFHX/7ltTMYHG2NR9URAkK0AJ4sf33muzs+JNzNIkeuNwoLpQTxMACfbLVc bGSSyN1JRFk612LOgfctsSg= =R5t9 -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
On Wed, Dec 12, 2007 at 04:31:47PM +0100, Carlos E. R. wrote:
The Wednesday 2007-12-12 at 09:53 +0100, Thomas Biege wrote:
SUSE Security Announcement
Package: samba Announcement ID: SUSE-SA:2007:068 Date: Wed, 12 Dec 2007 09:00:00 +0000 Affected Products: SUSE LINUX 10.0 SUSE LINUX 10.1 openSUSE 10.2 openSUSE 10.3
...
1) Problem Description and Brief Discussion
The Samba suite is an open-source implementatin of the SMB protocol. This update of samba fixes a buffer overflow in function send_mailslot() that allows remote attackers to overwrite the stack with 0 (via memset(3)) by sending specially crafted SAMLOGON packets.
This bug can only be triggered if option "domain logon" is enabled.
Does this one solve the core dump and crash problem caused by the previous update?
It should. Ciao, Marcus --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Wednesday 2007-12-12 at 17:12 +0100, Marcus Meissner wrote:
Does this one solve the core dump and crash problem caused by the previous update?
It should.
Yes, I updated and so far, no problems; thanks. - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4-svn0 (GNU/Linux) iD8DBQFHYd1RtTMYHG2NR9URAkIMAJ9+opiaj83DOZPkYl3+0u5yYzGtJwCbB2TF x69XbxJJ6S/onRc9Ttx4XVA= =vz49 -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
participants (3)
-
Carlos E. R.
-
Marcus Meissner
-
Thomas Biege