Debian Security Advisory

DSA-203-1 smb2www -- arbitrary command execution

Date Reported:
04 Dec 2002
Affected Packages:
Security database references:
In Mitre's CVE dictionary: CVE-2002-1342.
More information:

Robert Luberda found a security problem in smb2www, a Windows Network client that is accessible through a web browser. This could lead a remote attacker to execute arbitrary programs under the user id www-data on the host where smb2www is running.

This problem has been fixed in version 980804-16.1 for the current stable distribution (woody), in version 980804-8.1 of the old stable distribution (potato) and in version 980804-17 for the unstable distribution (sid).

We recommend that you upgrade your smb2www package immediately.

Fixed in:

Debian GNU/Linux 2.2 (potato)

Architecture-independent component:

Debian GNU/Linux 3.0 (woody)

Architecture-independent component:

MD5 checksums of the listed files are available in the original advisory.