-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

                Mandrakelinux Security Update Advisory
_______________________________________________________________________

Package name:           samba
Advisory ID:            MDKSA-2004:158
Date:                   December 27th, 2004

Affected versions:      10.0, 10.1, 9.2, Corporate Server 2.1
______________________________________________________________________

Problem Description:

Remote exploitation of an integer overflow vulnerability in the smbd
daemon included in Samba 2.0.x, Samba 2.2.x, and Samba 3.0.x prior to
and including 3.0.9 could allow an attacker to cause controllable heap
corruption, leading to execution of arbitrary commands with root
privileges.

In order to exploit this vulnerability an attacker must possess
credentials that allow access to a share on the Samba server.
Unsuccessful exploitation attempts will cause the process serving the
request to crash with signal 11, and may leave evidence of an attack in
logs.

The updated packages have been patched to correct this issue.
_______________________________________________________________________

References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1154
______________________________________________________________________

Updated Packages:
_______________________________________________________________________

To upgrade automatically use
MandrakeUpdate or urpmi. The verification of md5 checksums and GPG
signatures is performed automatically for you.

All packages are signed by Mandrakesoft for security. You can obtain
the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandrakelinux at:

  http://www.mandrakesoft.com/security/advisories

If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFB0J9qmqjQ0CJFipgRArWyAKDM5kJLzyA2djHsIM25Me/HQzGebwCffOt0
oI5S4/dK/0vVWT+avS6l83o=
=R6fo
-----END PGP SIGNATURE-----
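
The problem description says that failed attempts crash the serving smbd
process with signal 11 and that the attacker needs valid share credentials.
The following is an added example, not part of the Mandrakesoft advisory: it
scans smbd log text for signal-11 faults and ties each one to the session the
crashed pid was serving. The log line formats, the sample log and the function
names are assumptions.

```python
import re

# Line formats are assumptions modelled on Samba 3.0 smbd log output.
HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d), +\d+\]")
CONNECT = re.compile(r"^\s+(\S+) \((\S+)\) connect to service (\S+) "
                     r"initially as user (\S+) .*\(pid (\d+)\)")
FAULT = re.compile(r"INTERNAL ERROR: Signal (\d+) in pid (\d+) \(([^)]+)\)")

# Constructed sample log (not from a real server).
SAMPLE_LOG = """\
[2004/12/28 03:12:07, 1] smbd/service.c:make_connection_snum(648)
  ws12 (192.0.2.15) connect to service docs initially as user alice (uid=501, gid=501) (pid 4211)
[2004/12/28 03:12:09, 0] lib/fault.c:fault_report(37)
  INTERNAL ERROR: Signal 11 in pid 4211 (3.0.9)
[2004/12/28 03:12:41, 0] lib/fault.c:fault_report(37)
  INTERNAL ERROR: Signal 11 in pid 4230 (3.0.9)
[2004/12/28 09:00:02, 0] lib/fault.c:fault_report(37)
  INTERNAL ERROR: Signal 6 in pid 4302 (3.0.9)
"""

def upstream_affected(version):
    """True for the advisory's range: 2.0.x, 2.2.x, 3.0.x up to 3.0.9."""
    # Only a hint: patched vendor builds can keep the old upstream version
    # string, so confirm the installed package release as well.
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        return False
    major, minor, patch = map(int, m.groups())
    return (major, minor) in ((2, 0), (2, 2)) or (
        (major, minor) == (3, 0) and patch <= 9)

def find_segv_crashes(log_text):
    """Return one dict per signal-11 fault, with the session of that pid."""
    sessions, crashes, stamp = {}, [], None
    for line in log_text.splitlines():
        h = HEADER.match(line)
        if h:
            stamp = h.group(1)      # timestamp applies to the lines below it
            continue
        c = CONNECT.match(line)
        if c:                       # remember who each smbd pid is serving
            sessions[int(c.group(5))] = {
                "client": c.group(2), "share": c.group(3), "user": c.group(4)}
            continue
        f = FAULT.search(line)
        if f and f.group(1) == "11":
            pid = int(f.group(2))
            crashes.append({"time": stamp, "pid": pid, "version": f.group(3),
                            "upstream_affected": upstream_affected(f.group(3)),
                            "session": sessions.get(pid)})
    return crashes
```

A crash whose "session" is empty means the connect line was not in the text
scanned, which happens when the log has rotated or the log level is too low.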