Alerta de Segurança Debian

DSA-701-2 samba -- estouros de inteiro

Data do Alerta:

21 Abr 2005

Pacotes Afetados:

Vulnerável:

Sim

Referência à base de dados de segurança:

No sistema de acompanhamento de bugs do Debian: Bug 302378.
No dicionário CVE do Mitre: CVE-2004-1154.
Alertas, notas de incidentes e vulnerabilidades do CERT: VU#226184.

Informações adicionais:

Foi descoberto que a última atualização de segurança para o Samba, um servidor de arquivos e impressoras estilo LanManager para GNU/Linux e sistemas estilo Unix fez o daemon quebrar ao recarregar. Isto foi corrigido. Segue abaixo o alerta original:

Greg MacManus descobriu um estouro de inteiro no daemon smb do Samba, um servidor de arquivos e impressão estilo LanManager para sistemas GNU/Linux e derivados do unix. Requisitar uma grande quantidade de descritores de controle de acesso ao servidor poderia explorar o estouro de inteiro, podendo levar a um estouro de buffer que por sua vez levaria à execução de código arbitrário com privilégios de root. Os desenvolvedores também descobriram mais possíveis estouros de inteiro que também foram corrigidos nesta atualização.

Na distribuição estável (woody), estes problemas foram corrigidos na versão 2.2.3a-15.

Na distribuição instável (sid), estes problemas foram corrigidos na versão 3.0.10-1.

Nós recomendamos que você atualize seus pacotes samba.

Corrigido em:

Debian GNU/Linux 3.0 (woody)

Fonte:: http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-15.dsc; http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-15.diff.gz; http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a.orig.tar.gz
Componente independente de arquitetura:: http://security.debian.org/pool/updates/main/s/samba/samba-doc_2.2.3a-15_all.deb
Alpha:: http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-15_alpha.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-15_alpha.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-15_alpha.deb; http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-15_alpha.deb; http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-15_alpha.deb; http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-15_alpha.deb; http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-15_alpha.deb; http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-15_alpha.deb; http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-15_alpha.deb
ARM:: http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-15_arm.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-15_arm.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-15_arm.deb; http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-15_arm.deb; http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-15_arm.deb; http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-15_arm.deb; http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-15_arm.deb; http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-15_arm.deb; http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-15_arm.deb
Intel IA-32:: http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-15_i386.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-15_i386.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-15_i386.deb; http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-15_i386.deb; http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-15_i386.deb; http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-15_i386.deb; http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-15_i386.deb; http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-15_i386.deb; http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-15_i386.deb
Intel IA-64:: http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-15_ia64.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-15_ia64.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-15_ia64.deb; http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-15_ia64.deb; http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-15_ia64.deb; http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-15_ia64.deb; http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-15_ia64.deb; http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-15_ia64.deb; http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-15_ia64.deb
HPPA:: http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-15_hppa.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-15_hppa.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-15_hppa.deb; http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-15_hppa.deb; http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-15_hppa.deb; http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-15_hppa.deb; http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-15_hppa.deb; http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-15_hppa.deb; http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-15_hppa.deb
Motorola 680x0:: http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-15_m68k.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-15_m68k.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-15_m68k.deb; http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-15_m68k.deb; http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-15_m68k.deb; http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-15_m68k.deb; http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-15_m68k.deb; http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-15_m68k.deb; http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-15_m68k.deb
Big endian MIPS:: http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-15_mips.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-15_mips.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-15_mips.deb; http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-15_mips.deb; http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-15_mips.deb; http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-15_mips.deb; http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-15_mips.deb; http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-15_mips.deb; http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-15_mips.deb
Little endian MIPS:: http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-15_mipsel.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-15_mipsel.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-15_mipsel.deb; http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-15_mipsel.deb; http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-15_mipsel.deb; http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-15_mipsel.deb; http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-15_mipsel.deb; http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-15_mipsel.deb; http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-15_mipsel.deb
PowerPC:: http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-15_powerpc.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-15_powerpc.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-15_powerpc.deb; http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-15_powerpc.deb; http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-15_powerpc.deb; http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-15_powerpc.deb; http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-15_powerpc.deb; http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-15_powerpc.deb; http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-15_powerpc.deb
IBM S/390:: http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-15_s390.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-15_s390.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-15_s390.deb; http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-15_s390.deb; http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-15_s390.deb; http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-15_s390.deb; http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-15_s390.deb; http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-15_s390.deb; http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-15_s390.deb
Sun Sparc:: http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-15_sparc.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-15_sparc.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-15_sparc.deb; http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-15_sparc.deb; http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-15_sparc.deb; http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-15_sparc.deb; http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-15_sparc.deb; http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-15_sparc.deb; http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-15_sparc.deb

Checksums MD5 dos arquivos listados estão disponíveis no alerta original.

Checksums MD5 dos arquivos listados estão disponíveis no alerta revisado.

Esta página também está disponível nos seguintes idiomas:

dansk Deutsch English español français svenska

Como configurar o idioma padrão dos documentos

Para relatar um problema com o site web, envie uma mensagem em inglês para debian-www@lists.debian.org ou em português para debian-l10n-portuguese@lists.debian.org. Para outras informações de contato, veja a página de contato do Debian.