[SECURITY] Samba
Michal Kochanowicz
michal w michal.waw.pl
Czw, 16 Gru 2004, 19:06:44 CET
----- Forwarded message from Gerald Carter <jerry w samba.org> -----
> Date: Thu, 16 Dec 2004 06:17:29 -0600
> From: Gerald Carter <jerry w samba.org>
> User-Agent: Mozilla Thunderbird 0.9 (X11/20041103)
> To: bugtraq w securityfocus.com
> Cc: security w samba.org
> Subject: [SAMBA] CAN-2004-1154 : Integer overflow could lead to remote code
> execution in Samba 2.x, 3.0.x <= 3.0.9
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> ==========================================================
> ==
> == Subject: Possible remote code execution
> == CVE ID#: CAN-2004-1154
> ==
> == Versions: Samba 2.x & 3.0.x <= 3.0.9
> ==
> == Summary: A potential integer overflow when
> == unmarshalling specific MS-RPC requests
> == from clients could lead to heap
> == corruption and remote code execution.
> ==
> ==========================================================
>
>
> ===========
> Description
> ===========
>
> Remote exploitation of an integer overflow vulnerability
> in the smbd daemon included in Samba 2.0.x, Samba 2.2.x,
> and Samba 3.0.x prior to and including 3.0.9 could
> allow an attacker to cause controllable heap corruption,
> leading to execution of arbitrary commands with root
> privileges.
>
> Successful remote exploitation allows an attacker to
> gain root privileges on a vulnerable system. In order
> to exploit this vulnerability an attacker must possess
> credentials that allow access to a share on the Samba server.
> Unsuccessful exploitation attempts will cause the process
> serving the request to crash with signal 11, and may leave
> evidence of an attack in logs.
>
>
> ==================
> Patch Availability
> ==================
>
> A patch for Samba 3.0.9 (samba-3.0.9-CAN-2004-1154.patch)
> can be downloaded from
>
> http://www.samba.org/samba/ftp/patches/security/
>
> The patch has been signed with the "Samba Distribution
> Verification Key" (ID F17F9772).
>
>
> =============================
> Protecting Unpatched Servers
> =============================
>
> The Samba Team always encourages users to run the latest
> stable release as a defense against attacks. However,
> under certain circumstances it may not be possible to
> immediately upgrade important installations. In such
> cases, administrators should read the "Server Security"
> documentation found at
>
> http://www.samba.org/samba/docs/server_security.html.
>
>
> =======
> Credits
> =======
>
> This security issue was reported to Samba developers by
> iDEFENSE Labs. The vulnerability was discovered by Greg
> MacManus, iDEFENSE Labs.
>
>
> ==========================================================
> == Our Code, Our Bugs, Our Responsibility.
> == The Samba Team
> ==========================================================
>
>
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.4 (GNU/Linux)
> Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
>
> iD8DBQFBwXzZIR7qMdg1EfYRAqv1AJ9FqoFnBPnjNMGVjlsjO47yAk/UYACg9KMa
> L+VEkr69J9oGg48m771bC7U=
> =gtGA
> -----END PGP SIGNATURE-----
>
----- End forwarded message -----
--
--= Michal Kochanowicz =--==--==BOFH==--==--= michal w michal.waw.pl =--
--= finger me for PGP public key or visit http://michal.waw.pl/PGP =--
--==--==--==--==--==-- Vodka. Connecting people.--==--==--==--==--==--
A chodzenie po górach SSIE!!!
Więcej informacji o liście dyskusyjnej pld-devel-pl