----------------------------------------------------------------------- Immunix Secured OS Security Advisory Packages updated: samba Affected products: ImmunixOS 7.0, 7+ Bugs fixed: CAN-2003-0201 Date: Mon Apr 7 2003 Advisory ID: IMNX-2003-7+-006-01 Author: Seth Arnold <sarnold@wirex.com> ----------------------------------------------------------------------- Description: Digital Defense found an actively-exploited samba static-buffer overflow on a honeypot system. They figured out the vulnerable section of code and alerted the Samba team, who found some additional bugs while fixing this bug. In samba version 2.0.10, this buffer is located on the heap, so StackGuard does not provide protection for this buffer overflow. There are actively-used samba 2.2 exploits that allow remote anonymous users to gain local root privileges. The samba 2.2 exploit analyzed by Digital Defense used a statically allocated buffer. While we do not know of any exploits against the 2.0.10 version, it may be possible to re-write the exploit in use to attack the heap-based buffer in samba 2.0.10. We recommend upgrading. Please note this is different from (and includes the fixes from) IMNX-2003-7+-003-01, which addressed different samba security flaws. References: http://www.securityfocus.com/archive/1/317615/2003-04-04/2003-04-10/0 Package names and locations: Precompiled binary packages for Immunix 7+ are available at: http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/samba-2.0.10-2_imnx_3.i386.rpm http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/samba-client-2.0.10-2_imnx_3.i386.rpm http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/samba-common-2.0.10-2_imnx_3.i386.rpm Immunix OS 7+ md5sums: 13b41eeaf5ef6d018554fab4ae4958bc samba-2.0.10-2_imnx_3.i386.rpm bbfeb9255328a8e73790f390aa7afb9f samba-client-2.0.10-2_imnx_3.i386.rpm feeb2e9d872f5bdc01c44ee125f0170c samba-common-2.0.10-2_imnx_3.i386.rpm ffa5900e389ed12620ec72bd4fdf5c15 samba-2.0.10-2_imnx_3.src.rpm GPG verification: Our public key is available at <http://wirex.com/security/GPG_KEY>. NOTE: Ibiblio is graciously mirroring our updates, so if the links above are slow, please try: ftp://ftp.ibiblio.org/pub/Linux/distributions/immunix/ or one of the many mirrors available at: http://www.ibiblio.org/pub/Linux/MIRRORS.html ImmunixOS 6.2 is no longer officially supported. ImmunixOS 7.0 is no longer officially supported. Contact information: To report vulnerabilities, please contact security@wirex.com. WireX attempts to conform to the RFP vulnerability disclosure protocol <http://www.wiretrip.net/rfp/policy.html>.
Attachment:
pgp00334.pgp
Description: PGP signature
