SuSE Security Announcement: samba (SuSE-SA:2003:016)
Resent for Announcement-ID change from SuSE-SA:2003:015 to SuSE-SA:2003:016
-----BEGIN PGP SIGNED MESSAGE-----
______________________________________________________________________________
SuSE Security Announcement
Package: samba, samba-client
Announcement-ID: SuSE-SA:2003:016
Date: Wednesday, March 19th 12:00 MET
Affected products: 7.1, 7.2, 7.3, 8.0, 8.1
SuSE Linux Database Server
SuSE eMail Server 3.1
SuSE eMail Server III
SuSE Firewall Adminhost VPN
SuSE Linux Admin-CD for Firewall
SuSE Firewall on CD 2 - VPN
SuSE Firewall on CD 2
SuSE Linux Enterprise Server for S/390
SuSE Linux Connectivity Server
SuSE Linux Enterprise Server 7
SuSE Linux Enterprise Server 8
SuSE Linux Office Server
Vulnerability Type: remote command execution
Severity (1-10): 7
SuSE default package: No
Cross References: http://www.samba.org
CAN-2003-0085
CAN-2003-0086
Content of this advisory:
1) security vulnerability resolved: buffer overflows and a chown
race condition in the smbd server, buffer overflow in the samba
client
problem description, discussion, solution and upgrade information
2) pending vulnerabilities, solutions, workarounds:
- wget
3) standard appendix (further information)
______________________________________________________________________________
1) problem description, brief discussion, solution, upgrade information
Sebastian Krahmer, SuSE Security Team, reviewed security-critical
parts of the Samba server within the scope of security audits that
the SuSE Security Team conducts on a regular basis for security-critical
Open Source Software.
Buffer overflows and a chown race condition have been discovered and
fixed during the security audit. The buffer overflow vulnerability
allows a remote attacker to execute arbitrary commands as root on the
system running samba. In addition to the flaws fixed in the samba
server, some overflow conditions in the samba-client package have
been fixed with the available update packages. It is strongly
recommended to install the update packages on any system where the
samba package is used.
There exists no temporary workaround against this vulnerability other
than shutting down the smbd daemon.
We would like to thank the Samba Team, especially Jeremy Allison, Andrew
Bartlett and Volker Lendecke for their quick response and cooperation.
Please note that the package names for the server and client parts of
samba vary between SuSE products. There exist the following pairings:
server client
----------------------------
samba smbclnt
samba samba-client
samba-classic samba-classic-client
samba-ldap samba-ldap-client
To find out which packages are installed on your system, you may run
the following command:
rpm -qa|egrep '(samba|smbclnt)'
Please download the update package for your distribution and verify its
integrity by the methods listed in section 3) of this announcement.
Then, install the package using the command "rpm -Fhv file.rpm" to apply
the update.
Our maintenance customers are being notified individually. The packages
are being offered to install from the maintenance web.
SPECIAL INSTALL INSTRUCTIONS:
==============================
After successfully installing the update packages, you should restart
the samba server process(es) to make the changes in the system effective.
If you do not have a samba server running on your system, no further
action is required. If you have a samba server running, please run the
following command as root:
rcsmb restart
Intel i386 Platform:
SuSE-8.1:
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/samba-2.2.5-160.i586.rpm
deae19fe6dc1fd519c9219e791983128
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/samba-client-2.2.5-160.i586.rpm
dac659a9c774ed1e0f8cea04e5b287ee
patch rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/samba-2.2.5-160.i586.patch.rpm
1fdedee145fd35ad30ef078182bfcdeb
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/samba-client-2.2.5-160.i586.patch.rpm
7bf4707c05c477db610f2a79b48b51a5
source rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/src/samba-2.2.5-160.src.rpm
f62e0b9ffb00058ec4be67746903a4cc
SuSE-8.0:
ftp://ftp.suse.com/pub/suse/i386/update/8.0/n2/samba-2.2.3a-169.i386.rpm
519550b7d4a52f63ca858f1f58c283aa
ftp://ftp.suse.com/pub/suse/i386/update/8.0/n1/samba-client-2.2.3a-169.i386.rpm
daeb00edf26acfcbad92bae602689d42
patch rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/8.0/n2/samba-2.2.3a-169.i386.patch.rpm
faf4c352d880b1f1be4baa3e8079243f
ftp://ftp.suse.com/pub/suse/i386/update/8.0/n1/samba-client-2.2.3a-169.i386.patch.rpm
7bbcc81d79bebff8103c37f8cb8565dc
source rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/8.0/zq1/samba-2.2.3a-169.src.rpm
daf838ccb337ca0863c65a9439e7ef7a
SuSE-7.3:
ftp://ftp.suse.com/pub/suse/i386/update/7.3/n2/samba-2.2.1a-213.i386.rpm
368e2d0190b4520965a79bf836eaaa2d
ftp://ftp.suse.com/pub/suse/i386/update/7.3/n1/samba-client-2.2.1a-213.i386.rpm
06070925fd5cb40bc3f2985a5d64eff1
source rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/7.3/zq1/samba-2.2.1a-213.src.rpm
af94d5ba0977e69de416fef54980a04d
SuSE-7.2:
ftp://ftp.suse.com/pub/suse/i386/update/7.2/n2/samba-2.2.0a-48.i386.rpm
6300d1278311145e69522d58bde5aaf8
ftp://ftp.suse.com/pub/suse/i386/update/7.2/n1/smbclnt-2.2.0a-48.i386.rpm
2553481e90b85a616c25580eb2875ea4
source rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/7.2/zq1/samba-2.2.0a-48.src.rpm
0d7397de281f100163fa105c972b387d
SuSE-7.1:
ftp://ftp.suse.com/pub/suse/i386/update/7.1/n2/samba-2.0.10-27.i386.rpm
1eb26f1ef80681ec479a9028d51647bf
ftp://ftp.suse.com/pub/suse/i386/update/7.1/n1/smbclnt-2.0.10-27.i386.rpm
fa2a4d306536dd90a31677487996f2e0
source rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/7.1/zq1/samba-2.0.10-27.src.rpm
1cd317f5749de96e432fee19310ea6f6
Sparc Platform:
SuSE-7.3:
ftp://ftp.suse.com/pub/suse/sparc/update/7.3/n2/samba-2.2.1a-73.sparc.rpm
9e140d7fe66015dfbb7f9b9edce5f91e
ftp://ftp.suse.com/pub/suse/sparc/update/7.3/n1/samba-client-2.2.1a-73.sparc.rpm
632d72c89565cc90be8e02b50d3cdb9a
source rpm(s):
ftp://ftp.suse.com/pub/suse/sparc/update/7.3/zq1/samba-2.2.1a-73.src.rpm
eea5157ce34ff8cb959ed46c144dd96f
AXP Alpha Platform:
SuSE-7.1:
ftp://ftp.suse.com/pub/suse/axp/update/7.1/n2/samba-2.0.10-21.alpha.rpm
046c7de92587d7a1c30d915b72e176bc
ftp://ftp.suse.com/pub/suse/axp/update/7.1/n1/smbclnt-2.0.10-21.alpha.rpm
12e9b05050a1610ba03f5338c6f92b82
source rpm(s):
ftp://ftp.suse.com/pub/suse/axp/update/7.1/zq1/samba-2.0.10-21.src.rpm
79359cbca70ec1fb8a425e5b9a7eb00c
PPC Power PC Platform:
SuSE-7.3:
ftp://ftp.suse.com/pub/suse/ppc/update/7.3/n2/samba-2.2.1a-147.ppc.rpm
bd367591e2df9061baa618d6a78c84b1
ftp://ftp.suse.com/pub/suse/ppc/update/7.3/n1/samba-client-2.2.1a-147.ppc.rpm
b05f69057a35abde3e2c19aa456f8467
source rpm(s):
ftp://ftp.suse.com/pub/suse/ppc/update/7.3/zq1/samba-2.2.1a-147.src.rpm
d990a6b247a6a38eaaeaef06f71269ea
SuSE-7.1:
ftp://ftp.suse.com/pub/suse/ppc/update/7.1/n2/samba-2.0.10-21.ppc.rpm
5dc1f1d9337a5241cb35e7179e8fb28b
ftp://ftp.suse.com/pub/suse/ppc/update/7.1/n1/smbclnt-2.0.10-21.ppc.rpm
76263c619a4d05ef4f4de4f9813a0a72
source rpm(s):
ftp://ftp.suse.com/pub/suse/ppc/update/7.1/zq1/samba-2.0.10-21.src.rpm
be112406b4fff2b5e4a08a67a2411919
______________________________________________________________________________
2) Pending vulnerabilities in SuSE Distributions and Workarounds:
- wget
New wget packages are available which filter certain characters
such as .. and / in filenames to ensure malicious servers cannot
overwrite important system files or write files outside the current
directory.
______________________________________________________________________________
3) standard appendix: authenticity verification, additional information
- Package authenticity verification:
SuSE update packages are available on many mirror ftp servers all over
the world. While this service is being considered valuable and important
to the free and open source software community, many users wish to be
sure about the origin of the package and its content before installing
the package. There are two verification methods that can be used
independently from each other to prove the authenticity of a downloaded
file or rpm package:
1) md5sums as provided in the (cryptographically signed) announcement.
2) using the internal gpg signatures of the rpm package.
1) execute the command
md5sum
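The following script is an added example and is not part of the SuSE
announcement or of the samba project. It automates the checks described
in section 1) (find the installed samba packages, verify the download,
apply the update with "rpm -Fhv", restart smbd) and the md5sum
verification of this section: it reads the advisory's package list in
the "URL line, md5 line" layout printed above, compares each downloaded
rpm against the listed sum, and refuses to install anything if one sum
is wrong or a package is missing. The listing file name, download
directory and the sample entries used in the comments are assumptions
for illustration.

```shell
#!/bin/sh
# Added example (not SuSE's or samba's code): verify downloaded update rpms
# against the md5sums printed in the advisory before applying them.
# Assumes the advisory's package section was saved as a text file in the
# same "URL line followed by md5 line" layout as above, and that the rpms
# were downloaded into one directory (both names are assumptions).
set -u

# Print the md5 of a file, using md5sum where available and openssl otherwise.
file_md5() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | cut -d' ' -f1
    else
        openssl dgst -md5 "$1" | sed 's/.*= //'
    fi
}

# verify_md5 FILE EXPECTED_MD5: succeed only if FILE exists and matches.
verify_md5() {
    [ -f "$1" ] || return 1
    [ "$(file_md5 "$1")" = "$2" ]
}

# check_listing LISTING DIR: walk the advisory excerpt line by line. Every
# ftp:// or http(s):// line names a package; the next line carries its
# 32-hex-character md5. Labels such as "patch rpm(s):" break a pair and
# are ignored. Prints one verdict per package and fails if any package in
# the listing is missing from DIR or has a wrong checksum.
check_listing() {
    listing="$1"; dir="$2"; url=""; bad=0
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            ftp://*|http://*|https://*)
                url="$line"
                continue ;;
        esac
        [ -n "$url" ] || continue
        # Not an md5 line: drop the pending URL and move on.
        if [ "${#line}" -ne 32 ]; then url=""; continue; fi
        case "$line" in *[!0-9a-f]*) url=""; continue ;; esac
        pkg="$dir/${url##*/}"
        if verify_md5 "$pkg" "$line"; then
            echo "OK       ${url##*/}"
        else
            echo "MISMATCH ${url##*/}"
            bad=1
        fi
        url=""
    done < "$listing"
    return "$bad"
}

# installed_samba_packages: the advisory's own query for the installed
# server/client package names (samba, samba-client, smbclnt, ...).
installed_samba_packages() {
    rpm -qa | egrep '(samba|smbclnt)'
}

# install_verified LISTING DIR: only when every checksum matches, also check
# the rpm-internal gpg signatures (the second method of section 3; needs the
# SuSE key imported into rpm), then apply the update and restart smbd.
install_verified() {
    check_listing "$1" "$2" || { echo "checksum failure, not installing" >&2; return 1; }
    for f in "$2"/*.rpm; do
        rpm --checksig "$f" || { echo "signature check failed: $f" >&2; return 1; }
    done
    rpm -Fhv "$2"/*.rpm && rcsmb restart
}

# Usage: sh verify-update.sh advisory-packages.txt /path/to/downloads
if [ "$#" -eq 2 ]; then
    installed_samba_packages
    check_listing "$1" "$2"
fi
```

The md5 check only proves that the download matches what the
cryptographically signed announcement lists; it is still necessary to
verify the PGP signature on the announcement itself, and the
"rpm --checksig" step only means something once SuSE's public key has
been imported into rpm.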