Hi Sebastian, hi List, i have a Problem with the latest Samba-Patch on SuSE 8.2 Prof. The behavior is the same when upgrading from the latest samba patch before and when upgrading from a fresh samba-package from the 8.2 DVD. After patching via YOU i get this: # rcsmb start Samba SMB: Waiting for cupsd to get ready done Starting Samba classic SMB daemon startproc: signal catched /usr/lib/samba/classic/smbd: Aborted failed And in /var/log/messages i find: Dec 23 12:18:53 wanda smbd[28143]: [2004/12/23 12:18:53, 0] lib/fault.c:fault_report(38) Dec 23 12:18:53 wanda smbd[28143]: =============================================================== Dec 23 12:18:53 wanda smbd[28143]: [2004/12/23 12:18:53, 0] lib/fault.c:fault_report(39) Dec 23 12:18:53 wanda smbd[28143]: INTERNAL ERROR: Signal 11 in pid 28143 (2.2.8a-SuSE) Dec 23 12:18:53 wanda smbd[28143]: Please read the file BUGS.txt in the distribution Dec 23 12:18:53 wanda smbd[28143]: [2004/12/23 12:18:53, 0] lib/fault.c:fault_report(41) Dec 23 12:18:53 wanda smbd[28143]: =============================================================== Dec 23 12:18:53 wanda smbd[28143]: [2004/12/23 12:18:53, 0] lib/util.c:smb_panic(1135) Dec 23 12:18:53 wanda smbd[28143]: PANIC: internal error Dec 23 12:18:53 wanda smbd[28143]: Thats not so meaningful for me, but maybe somebody knows a bit more about this problem?! Thanks in advance, Chris Borsbach Sebastian Krahmer wrote:
-----BEGIN PGP SIGNED MESSAGE-----
______________________________________________________________________________
SUSE Security Announcement
Package: samba Announcement-ID: SUSE-SA:2004:045 Date: Wednesday, Dec 22st 2004 14:30 MEST Affected products: 8.1, 8.2, 9.0, 9.1, 9.2 SUSE Linux Desktop 1.0 SUSE Linux Enterprise Server 8, 9 Novell Linux Desktop 9 Vulnerability Type: remote privilege escalation Severity (1-10): 9 SUSE default package: no Cross References: CAN-2004-1154
Content of this advisory: 1) security vulnerability resolved: - several integer overflows problem description 2) solution/workaround 3) special instructions and notes 4) package location and checksums 5) pending vulnerabilities, solutions, workarounds: - none 6) standard appendix (further information)
______________________________________________________________________________
1) problem description, brief discussion
The Samba developers informed us about several potential integer overflow issues in the Samba 2 and Samba 3 code. This update adds constraints to the Samba server code which protects it from using values from untrusted sources as operands in arithmetic operations to determine heap memory space needed to copy data. Without these limitations a remote attacker may be able to overflow the heap memory of the process and to overwrite vital information structures which can be abused to execute arbitrary code.
2) solution/workaround
There is no workaround known. Please install the new packages provided on our FTP servers.
3) special instructions and notes
Please make sure that all running instances of smbd which were started before the update were terminated. Run the following command as root:
/usr/sbin/rcsmb try-restart
--snip---