Omitir navegación rápida

• Acerca de Debian
• Noticias
• Cómo obtener Debian
• Soporte
• Rincón de los desarrolladores
• Mapa del sitio
• Búsqueda

Aviso de seguridad de Debian

DSA-262-1 samba -- explotación remota

Fecha del informe:

15 de mar de 2003

Paquetes afectados:

samba

Vulnerable:

Sí

Referencias a bases de datos de seguridad:

En la base de datos de Bugtraq (en SecurityFocus): Id. en BugTraq 7107, Id. en BugTraq 7106.
En el diccionario CVE de Mitre: CVE-2003-0085, CVE-2003-0086.

Información adicional:

Sebastian Krahmer, del equipo de la auditoría de seguridad de SuSE, encontró dos problemas en samba, una popular implementación de SMB/CIFS. Los problemas son:

• un desbordamiento de búfer en el paquete SMB/CIFS fragmentaba el código de reensamblado usado por smbd. Ya que smbd corre como root, un atacante podía usar esto para obtener acceso como root a una máquina que estuviera corriendo smbd.
• el código para escribir archivos reg era vulnerable por una fuga en chown que hacía posible que un usuario local escribiera archivos del sistema.

Ambos problemas se han corregido en la versión 2.2.8 y en la versión 2.2.3a-12.1 del paquete para Debian GNU/Linux 3.0/woody.

Arreglado en:

Debian GNU/Linux 3.0 (woody)

Fuentes:

http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.1.dsc

http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a.orig.tar.gz

http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.1.diff.gz

Componentes independientes de la arquitectura:

http://security.debian.org/pool/updates/main/s/samba/samba-doc_2.2.3a-12.1_all.deb

alpha (DEC Alpha):

http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12.1_alpha.deb

http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12.1_alpha.deb

http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12.1_alpha.deb

http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12.1_alpha.deb

http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12.1_alpha.deb

http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.1_alpha.deb

http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12.1_alpha.deb

http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12.1_alpha.deb

http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12.1_alpha.deb

arm (ARM):

http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12.1_arm.deb

http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12.1_arm.deb

http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12.1_arm.deb

http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12.1_arm.deb

http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12.1_arm.deb

http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12.1_arm.deb

http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12.1_arm.deb

http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.1_arm.deb

http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12.1_arm.deb

hppa (HP PA RISC):

http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.1_hppa.deb

http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12.1_hppa.deb

http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12.1_hppa.deb

http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12.1_hppa.deb

http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12.1_hppa.deb

http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12.1_hppa.deb

http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12.1_hppa.deb

http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12.1_hppa.deb

http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12.1_hppa.deb

i386 (Intel ia32):

http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12.1_i386.deb

http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.1_i386.deb

http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12.1_i386.deb

http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12.1_i386.deb

http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12.1_i386.deb

http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12.1_i386.deb

http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12.1_i386.deb

http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12.1_i386.deb

http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12.1_i386.deb

ia64 (Intel ia64):

http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.1_ia64.deb

http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12.1_ia64.deb

http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12.1_ia64.deb

http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12.1_ia64.deb

http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12.1_ia64.deb

http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12.1_ia64.deb

http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12.1_ia64.deb

http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12.1_ia64.deb

http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12.1_ia64.deb

mips (MIPS (Big Endian)):

http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12.1_mips.deb

http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12.1_mips.deb

http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12.1_mips.deb

http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12.1_mips.deb

http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12.1_mips.deb

http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12.1_mips.deb

http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.1_mips.deb

http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12.1_mips.deb

http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12.1_mips.deb

mipsel (MIPS (Little Endian)):

http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12.1_mipsel.deb

http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12.1_mipsel.deb

http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12.1_mipsel.deb

http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12.1_mipsel.deb

http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.1_mipsel.deb

http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12.1_mipsel.deb

http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12.1_mipsel.deb

http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12.1_mipsel.deb

http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12.1_mipsel.deb

powerpc (PowerPC):

http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12.1_powerpc.deb

http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12.1_powerpc.deb

http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12.1_powerpc.deb

http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.1_powerpc.deb

http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12.1_powerpc.deb

http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12.1_powerpc.deb

http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12.1_powerpc.deb

http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12.1_powerpc.deb

http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12.1_powerpc.deb

s390 (IBM S/390):

http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.1_s390.deb

http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12.1_s390.deb

http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12.1_s390.deb

http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12.1_s390.deb

http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12.1_s390.deb

http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12.1_s390.deb

http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12.1_s390.deb

http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12.1_s390.deb

http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12.1_s390.deb

sparc (Sun SPARC/UltraSPARC):

http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12.1_sparc.deb

http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12.1_sparc.deb

http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12.1_sparc.deb

http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12.1_sparc.deb

http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12.1_sparc.deb

http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.1_sparc.deb

http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12.1_sparc.deb

http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12.1_sparc.deb

http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12.1_sparc.deb

Las sumas MD5 de los ficheros que se listan están disponibles en el aviso original.

Esta página también está disponible en los siguientes idiomas:

dansk Deutsch English français 日本語 (Nihongo) Português Русский (Russkij) suomi svenska

Cómo modificar el idioma por defecto de los documentos