Spring navigering over

• Om Debian
• Nyheder
• Få fat i Debian
• Support
• Udviklerhjørnet
• Sideoversigt
• Søg

Debians sikkerhedsbulletin

DSA-280-1 samba -- bufferoverløb

Rapporteret den:

7. apr 2003

Berørte pakker:

samba

Sårbar:

Ja

Referencer i sikkerhedsdatabaser:

I Bugtraq-databasen (hos SecurityFocus): BugTraq-id 7294, BugTraq-id 7295.
I Mitres CVE-ordbog: CVE-2003-0201, CVE-2003-0196.
CERTs noter om sårbarheder, bulletiner og hændelser: VU#267873.

Yderligere oplysninger:

Digital Defense, Inc. har gjort Samba-teamet opmærksom på en alvorlig sårbarhed i Samba, en LanManager-lignende fil- og printerserver til Unix. Denne sårbarhed kan føre til at en anonym bruger får root-adgang på et system med Samba. En udnyttelse af dette problem er allerede i omløb og i brug.

Da pakkerne i potato er ganske gamle, er det muligt at de indeholder flere sikkerhedsrelevate fejl, end vi har kendskab til. Det anbefales derfor snart at opgraderer systemer hvor Samba kører til, til woody.

Uofficielle pakke med tilbageførte rettelser fra Samba-vedligeholderne til version 2.2.8 af Samba i woody er tilgængelige på ~peloy og ~vorlon.

I den stabile distribution (woody) er dette problem rettet i version 2.2.3a-12.3.

I den gamle stabile distribution (potato) er dette problem rettet i version 2.0.7-5.1.

Den ustabile distribution (sid) er ikke påvirket, da den allerede indeholder version 3.0-pakker.

Vi anbefaler at du omgående opgraderer dine Samba-pakker.

Rettet i:

Debian GNU/Linux 2.2 (potato)

Kildekode:

http://security.debian.org/pool/updates/main/s/samba/samba_2.0.7-5.1.dsc

http://security.debian.org/pool/updates/main/s/samba/samba_2.0.7-5.1.diff.gz

http://security.debian.org/pool/updates/main/s/samba/samba_2.0.7.orig.tar.gz

Arkitekturuafhængig komponent:

http://security.debian.org/pool/updates/main/s/samba/samba-doc_2.0.7-5.1_all.deb

Alpha:

http://security.debian.org/pool/updates/main/s/samba/samba_2.0.7-5.1_alpha.deb

http://security.debian.org/pool/updates/main/s/samba/samba-common_2.0.7-5.1_alpha.deb

http://security.debian.org/pool/updates/main/s/samba/smbclient_2.0.7-5.1_alpha.deb

http://security.debian.org/pool/updates/main/s/samba/smbfs_2.0.7-5.1_alpha.deb

http://security.debian.org/pool/updates/main/s/samba/swat_2.0.7-5.1_alpha.deb

ARM:

http://security.debian.org/pool/updates/main/s/samba/samba_2.0.7-5.1_arm.deb

http://security.debian.org/pool/updates/main/s/samba/samba-common_2.0.7-5.1_arm.deb

http://security.debian.org/pool/updates/main/s/samba/smbclient_2.0.7-5.1_arm.deb

http://security.debian.org/pool/updates/main/s/samba/smbfs_2.0.7-5.1_arm.deb

http://security.debian.org/pool/updates/main/s/samba/swat_2.0.7-5.1_arm.deb

Intel IA-32:

http://security.debian.org/pool/updates/main/s/samba/samba_2.0.7-5.1_i386.deb

http://security.debian.org/pool/updates/main/s/samba/samba-common_2.0.7-5.1_i386.deb

http://security.debian.org/pool/updates/main/s/samba/smbclient_2.0.7-5.1_i386.deb

http://security.debian.org/pool/updates/main/s/samba/smbfs_2.0.7-5.1_i386.deb

http://security.debian.org/pool/updates/main/s/samba/swat_2.0.7-5.1_i386.deb

Motorola 680x0:

http://security.debian.org/pool/updates/main/s/samba/samba_2.0.7-5.1_m68k.deb

http://security.debian.org/pool/updates/main/s/samba/samba-common_2.0.7-5.1_m68k.deb

http://security.debian.org/pool/updates/main/s/samba/smbclient_2.0.7-5.1_m68k.deb

http://security.debian.org/pool/updates/main/s/samba/smbfs_2.0.7-5.1_m68k.deb

http://security.debian.org/pool/updates/main/s/samba/swat_2.0.7-5.1_m68k.deb

PowerPC:

http://security.debian.org/pool/updates/main/s/samba/samba_2.0.7-5.1_powerpc.deb

http://security.debian.org/pool/updates/main/s/samba/samba-common_2.0.7-5.1_powerpc.deb

http://security.debian.org/pool/updates/main/s/samba/smbclient_2.0.7-5.1_powerpc.deb

http://security.debian.org/pool/updates/main/s/samba/smbfs_2.0.7-5.1_powerpc.deb

http://security.debian.org/pool/updates/main/s/samba/swat_2.0.7-5.1_powerpc.deb

Sun Sparc:

http://security.debian.org/pool/updates/main/s/samba/samba_2.0.7-5.1_sparc.deb

http://security.debian.org/pool/updates/main/s/samba/samba-common_2.0.7-5.1_sparc.deb

http://security.debian.org/pool/updates/main/s/samba/smbclient_2.0.7-5.1_sparc.deb

http://security.debian.org/pool/updates/main/s/samba/smbfs_2.0.7-5.1_sparc.deb

http://security.debian.org/pool/updates/main/s/samba/swat_2.0.7-5.1_sparc.deb

Debian GNU/Linux 3.0 (woody)

Kildekode:

http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.3.dsc

http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.3.diff.gz

http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a.orig.tar.gz

Arkitekturuafhængig komponent:

http://security.debian.org/pool/updates/main/s/samba/samba-doc_2.2.3a-12.3_all.deb

Alpha:

http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12.3_alpha.deb

http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12.3_alpha.deb

http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12.3_alpha.deb

http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.3_alpha.deb

http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12.3_alpha.deb

http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12.3_alpha.deb

http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12.3_alpha.deb

http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12.3_alpha.deb

http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12.3_alpha.deb

ARM:

http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12.3_arm.deb

http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12.3_arm.deb

http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12.3_arm.deb

http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.3_arm.deb

http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12.3_arm.deb

http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12.3_arm.deb

http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12.3_arm.deb

http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12.3_arm.deb

http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12.3_arm.deb

Intel IA-32:

http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12.3_i386.deb

http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12.3_i386.deb

http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12.3_i386.deb

http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.3_i386.deb

http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12.3_i386.deb

http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12.3_i386.deb

http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12.3_i386.deb

http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12.3_i386.deb

http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12.3_i386.deb

Intel IA-64:

http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12.3_ia64.deb

http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12.3_ia64.deb

http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12.3_ia64.deb

http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.3_ia64.deb

http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12.3_ia64.deb

http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12.3_ia64.deb

http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12.3_ia64.deb

http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12.3_ia64.deb

http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12.3_ia64.deb

HPPA:

http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12.3_hppa.deb

http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12.3_hppa.deb

http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12.3_hppa.deb

http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.3_hppa.deb

http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12.3_hppa.deb

http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12.3_hppa.deb

http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12.3_hppa.deb

http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12.3_hppa.deb

http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12.3_hppa.deb

Motorola 680x0:

http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12.3_m68k.deb

http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12.3_m68k.deb

http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12.3_m68k.deb

http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.3_m68k.deb

http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12.3_m68k.deb

http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12.3_m68k.deb

http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12.3_m68k.deb

http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12.3_m68k.deb

http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12.3_m68k.deb

Big endian MIPS:

http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12.3_mips.deb

http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12.3_mips.deb

http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12.3_mips.deb

http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.3_mips.deb

http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12.3_mips.deb

http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12.3_mips.deb

http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12.3_mips.deb

http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12.3_mips.deb

http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12.3_mips.deb

Little endian MIPS:

http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12.3_mipsel.deb

http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12.3_mipsel.deb

http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12.3_mipsel.deb

http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.3_mipsel.deb

http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12.3_mipsel.deb

http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12.3_mipsel.deb

http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12.3_mipsel.deb

http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12.3_mipsel.deb

http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12.3_mipsel.deb

PowerPC:

http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12.3_powerpc.deb

http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12.3_powerpc.deb

http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12.3_powerpc.deb

http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.3_powerpc.deb

http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12.3_powerpc.deb

http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12.3_powerpc.deb

http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12.3_powerpc.deb

http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12.3_powerpc.deb

http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12.3_powerpc.deb

IBM S/390:

http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12.3_s390.deb

http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12.3_s390.deb

http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12.3_s390.deb

http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.3_s390.deb

http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12.3_s390.deb

http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12.3_s390.deb

http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12.3_s390.deb

http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12.3_s390.deb

http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12.3_s390.deb

Sun Sparc:

http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12.3_sparc.deb

http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12.3_sparc.deb

http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12.3_sparc.deb

http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.3_sparc.deb

http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12.3_sparc.deb

http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12.3_sparc.deb

http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12.3_sparc.deb

http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12.3_sparc.deb

http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12.3_sparc.deb

MD5-kontrolsummer for de listede filer findes i den originale sikkerhedsbulletin.

Denne side findes også på følgende sprog:

Deutsch English español français 日本語 (Nihongo) Português Русский (Russkij) suomi svenska

Sådan opsætter du standardsprogvalg for dokumenter