Debian Security Advisory
DSA-1823-1 samba -- several vulnerabilities
- Date reported:
- 25 June 2009
- Affected packages:
- samba
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2009-1886, CVE-2009-1888.
- More information:
Several vulnerabilities have been discovered in Samba, an SMB/CIFS file, print, and login server. The Common Vulnerabilities and Exposures (CVE) project identifies the following problems.
- CVE-2009-1886
The smbclient utility contains a format string vulnerability: commands that handle file names pass user input to asprintf as the format string.
- CVE-2009-1888
In the smbd daemon, if a user tries to modify an access control list (ACL) and is denied permission, the denial can be bypassed if the "dos filemode" parameter is set to "yes" in smb.conf and the user already has write access to the file.
The old stable distribution (Etch) is not affected by these problems.
For the stable distribution (Lenny), these problems have been fixed in version 3.2.5-4lenny6.
The unstable distribution (Sid), which is only affected by CVE-2009-1888, will be fixed soon.
We recommend that you upgrade your samba package.
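To find shares that meet the configuration precondition for CVE-2009-1888 before the upgrade is applied, the following audit sketch lists every share whose effective "dos filemode" is enabled. It is an added example, not part of the Debian advisory or of Samba; the sample configuration and the function names are constructed for illustration, and the parser assumes no line continuations or "include" directives.

```python
import re

# Spellings smb.conf treats as boolean true.
TRUE_VALUES = {"yes", "true", "on", "1"}

# Constructed sample configuration (not taken from a real host).
SAMPLE_CONF = """\
[global]
   workgroup = EXAMPLE
   dos filemode = yes

[projects]
   path = /srv/projects
   read only = no

[archive]
   path = /srv/archive
   DosFileMode = No

; dos filemode = yes   <- commented out, must be ignored
[scratch]
   path = /srv/scratch
"""

def norm(name):
    # smb.conf parameter names ignore case and internal whitespace.
    return re.sub(r"\s+", "", name).lower()

def parse_smb_conf(text):
    """Return {section: {normalized_parameter: value}} in file order."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue                      # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            sections[current][norm(key)] = value.strip()
    return sections

def shares_with_dos_filemode(text):
    """Shares whose effective 'dos filemode' is true ([global] is inherited)."""
    sections = parse_smb_conf(text)
    inherited = sections.get("global", {}).get("dosfilemode", "no")
    return [name for name, params in sections.items()
            if name != "global"
            and params.get("dosfilemode", inherited).lower() in TRUE_VALUES]

if __name__ == "__main__":
    print(shares_with_dos_filemode(SAMPLE_CONF))
```

On a real server, pass the contents of smb.conf to `shares_with_dos_filemode`; a flagged share is only relevant to this advisory while the installed samba package is older than 3.2.5-4lenny6.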
- Fixed in:
Debian GNU/Linux 5.0 (lenny)
- Source:
- http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5.orig.tar.gz
- http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny6.dsc
- http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny6.diff.gz
- Architecture-independent component:
- http://security.debian.org/pool/updates/main/s/samba/samba-doc_3.2.5-4lenny6_all.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-doc-pdf_3.2.5-4lenny6_all.deb
- Alpha:
- http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny6_alpha.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny6_alpha.deb
- http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny6_alpha.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny6_alpha.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny6_alpha.deb
- http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny6_alpha.deb
- http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny6_alpha.deb
- http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny6_alpha.deb
- http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny6_alpha.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny6_alpha.deb
- http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny6_alpha.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny6_alpha.deb
- AMD64:
- http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny6_amd64.deb
- http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny6_amd64.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny6_amd64.deb
- http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny6_amd64.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny6_amd64.deb
- http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny6_amd64.deb
- http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny6_amd64.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny6_amd64.deb
- http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny6_amd64.deb
- http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny6_amd64.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny6_amd64.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny6_amd64.deb
- ARM:
- http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny6_arm.deb
- http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny6_arm.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny6_arm.deb
- http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny6_arm.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny6_arm.deb
- http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny6_arm.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny6_arm.deb
- http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny6_arm.deb
- http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny6_arm.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny6_arm.deb
- http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny6_arm.deb
- http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny6_arm.deb
- ARM EABI:
- http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny6_armel.deb
- http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny6_armel.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny6_armel.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny6_armel.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny6_armel.deb
- http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny6_armel.deb
- http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny6_armel.deb
- http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny6_armel.deb
- http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny6_armel.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny6_armel.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny6_armel.deb
- http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny6_armel.deb
- HP Precision:
- http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny6_hppa.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny6_hppa.deb
- http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny6_hppa.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny6_hppa.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny6_hppa.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny6_hppa.deb
- http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny6_hppa.deb
- http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny6_hppa.deb
- http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny6_hppa.deb
- http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny6_hppa.deb
- http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny6_hppa.deb
- http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny6_hppa.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny6_i386.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny6_i386.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny6_i386.deb
- http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny6_i386.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny6_i386.deb
- http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny6_i386.deb
- http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny6_i386.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny6_i386.deb
- http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny6_i386.deb
- http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny6_i386.deb
- http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny6_i386.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny6_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny6_ia64.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny6_ia64.deb
- http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny6_ia64.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny6_ia64.deb
- http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny6_ia64.deb
- http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny6_ia64.deb
- http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny6_ia64.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny6_ia64.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny6_ia64.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny6_ia64.deb
- http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny6_ia64.deb
- http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny6_ia64.deb
- Big-endian MIPS:
- http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny6_mips.deb
- http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny6_mips.deb
- http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny6_mips.deb
- http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny6_mips.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny6_mips.deb
- http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny6_mips.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny6_mips.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny6_mips.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny6_mips.deb
- http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny6_mips.deb
- http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny6_mips.deb
- http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny6_mips.deb
- Little-endian MIPS:
- http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny6_mipsel.deb
- http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny6_mipsel.deb
- http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny6_mipsel.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny6_mipsel.deb
- http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny6_mipsel.deb
- http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny6_mipsel.deb
- http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny6_mipsel.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny6_mipsel.deb
- http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny6_mipsel.deb
- http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny6_mipsel.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny6_mipsel.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny6_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny6_powerpc.deb
- http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny6_powerpc.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny6_powerpc.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny6_powerpc.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny6_powerpc.deb
- http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny6_powerpc.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny6_powerpc.deb
- http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny6_powerpc.deb
- http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny6_powerpc.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny6_powerpc.deb
- http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny6_powerpc.deb
- http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny6_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny6_s390.deb
- http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny6_s390.deb
- http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny6_s390.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny6_s390.deb
- http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny6_s390.deb
- http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny6_s390.deb
- http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny6_s390.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny6_s390.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny6_s390.deb
- http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny6_s390.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny6_s390.deb
- http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny6_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny6_sparc.deb
- http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny6_sparc.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny6_sparc.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny6_sparc.deb
- http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny6_sparc.deb
- http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny6_sparc.deb
- http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny6_sparc.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny6_sparc.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny6_sparc.deb
- http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny6_sparc.deb
- http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny6_sparc.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny6_sparc.deb
MD5 checksums of the listed files are available in the original advisory.
