Security Update: [CSSA-2003-017.0] OpenLinux: Various serious Samba vulnerabilities

security_at_sco.com
Date: 05/02/03

  • Next message: David F. Madrid: "Crash in Internet Explorer 6.0 Sp1"
    To: bugtraq@securityfocus.com, announce@lists.caldera.com, security-alerts@linuxsecurity.com
    Date: Fri, 2 May 2003 14:18:42 -0700
    
    
    

    To: bugtraq@securityfocus.com announce@lists.caldera.com security-alerts@linuxsecurity.com

    ______________________________________________________________________________

                            SCO Security Advisory

    Subject: OpenLinux: Various serious Samba vulnerabilities
    Advisory number: CSSA-2003-017.0
    Issue date: 2003 May 02
    Cross reference:
    ______________________________________________________________________________

    1. Problem Description

            This update addresses the following Samba issues:

            A bug in the length checking for encrypted password change
            requests from clients could be exploited using a buffer
            overrun attack on the smbd stack.

            A vulnerability that could lead to an anonymous user gaining
            root access on a Samba serving system.

            A chown race condition that could allow overwriting of
            critical system files if exploited.

            A buffer overflow in the call_trans2open function in trans2.c
            allows remote attackers to execute arbitrary code.

            Multiple buffer overflows that may allow remote attackers to
            execute arbitrary code or cause a denial of service.

    2. Vulnerable Supported Versions

            System Package
            ----------------------------------------------------------------------

            OpenLinux 3.1.1 Server prior to libsmbclient-2.2.2-7.i386.rpm
                                            prior to samba-2.2.2-7.i386.rpm
                                            prior to samba-doc-2.2.2-7.i386.rpm
                                            prior to smbfs-2.2.2-7.i386.rpm
                                            prior to swat-2.2.2-7.i386.rpm

            OpenLinux 3.1.1 Workstation prior to libsmbclient-2.2.2-7.i386.rpm
                                            prior to samba-2.2.2-7.i386.rpm
                                            prior to samba-doc-2.2.2-7.i386.rpm
                                            prior to smbfs-2.2.2-7.i386.rpm
                                            prior to swat-2.2.2-7.i386.rpm

    3. Solution

            The proper solution is to install the latest packages. Many
            customers find it easier to use the Caldera System Updater, called
            cupdate (or kcupdate under the KDE environment), to update these
            packages rather than downloading and installing them by hand.

    4. OpenLinux 3.1.1 Server

            4.1 Package Location

            ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-017.0/RPMS

            4.2 Packages

            a4f667678f6a3c283491ae04480625d6 libsmbclient-2.2.2-7.i386.rpm
            8c95e0b81771bb703e08937125e8c9bf samba-2.2.2-7.i386.rpm
            2a590b5458186279fd3bb17bb87c5af3 samba-doc-2.2.2-7.i386.rpm
            fcabaf8b0567ed5faad0e2fe8e206f92 smbfs-2.2.2-7.i386.rpm
            bd13c1771c2267549916f3afb60ad019 swat-2.2.2-7.i386.rpm

            4.3 Installation

            rpm -Fvh libsmbclient-2.2.2-7.i386.rpm
            rpm -Fvh samba-2.2.2-7.i386.rpm
            rpm -Fvh samba-doc-2.2.2-7.i386.rpm
            rpm -Fvh smbfs-2.2.2-7.i386.rpm
            rpm -Fvh swat-2.2.2-7.i386.rpm

            4.4 Source Package Location

            ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-017.0/SRPMS

            4.5 Source Packages

            403ddcea6384a309768066e06941a68f samba-2.2.2-7.src.rpm

    5. OpenLinux 3.1.1 Workstation

            5.1 Package Location

            ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-017.0/RPMS

            5.2 Packages

            c04cb8377d18180c6b914ed9d0d1d4e3 libsmbclient-2.2.2-7.i386.rpm
            aad7fa4db863931a9c57b8720e17cbb6 samba-2.2.2-7.i386.rpm
            be052cbf6e77f05ad1cbc7fba57be7bd samba-doc-2.2.2-7.i386.rpm
            4bf70f287baf74e47ef5cff351a7a740 smbfs-2.2.2-7.i386.rpm
            906d1705b64767cd774e29287b5ab437 swat-2.2.2-7.i386.rpm

            5.3 Installation

            rpm -Fvh libsmbclient-2.2.2-7.i386.rpm
            rpm -Fvh samba-2.2.2-7.i386.rpm
            rpm -Fvh samba-doc-2.2.2-7.i386.rpm
            rpm -Fvh smbfs-2.2.2-7.i386.rpm
            rpm -Fvh swat-2.2.2-7.i386.rpm

            5.4 Source Package Location

            ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-017.0/SRPMS

            5.5 Source Packages

            21c0df3f652692c3db10dd5783e78e93 samba-2.2.2-7.src.rpm

    6. References

            Specific references for this advisory:

                    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1318
                    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0085
                    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0086
                    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0196
                    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0201

            SCO security resources:

                    http://www.sco.com/support/security/index.html

            This security fix closes SCO incidents sr876764, sr875830,
            sr872195, fz527679, fz527532, fz526744, erg712283, erg712263,
            erg712169.

    7. Disclaimer

            SCO is not responsible for the misuse of any of the information
            we provide on this website and/or through our security
            advisories. Our advisories are a service to our customers intended
            to promote secure installation and use of SCO products.

    8. Acknowledgements

            Steve Langasek (Debian), Sebastian Krahmer (SuSE), and Digital
            Defense Inc. discovered and researched these vulnerabilities.

    ______________________________________________________________________________

    
    



  • Next message: David F. Madrid: "Crash in Internet Explorer 6.0 Sp1"

    Relevant Pages