Bulletin d'alerte Debian

DSA-200-1 samba -- Exploitation à distance

Date du rapport :
22 novembre 2002
Paquets concernés :
samba
Vulnérabilité :
Oui
Références dans la base de données de sécurité :
Dans le dictionnaire CVE du Mitre : CVE-2002-1318.
Plus de précisions :

Steve Langasek a découvert un bogue exploitable dans le code qui gère les mots de passe dans samba. En convertissant un code de page DOS à un code de page petit boutiste UCS2 unicode, samba ne contrôle pas la longueur d'un tampon, si bien qu'il peut déborder. Il n'y a pas d'exploitation connue pour cette faille, mais une mise à jour est fortement conseillée.

Ce problème a été corrigé dans la version 2.2.3a-12 pour les paquets Debian samba et dans la version 2.2.7 dans la version des auteurs.

Corrigé dans :

Debian GNU/Linux 3.0 (woody)

Source :
http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.dsc
http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a.orig.tar.gz
http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.diff.gz
Composant indépendant de l'architecture :
http://security.debian.org/pool/updates/main/s/samba/samba-doc_2.2.3a-12_all.deb
alpha (DEC Alpha):
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12_alpha.deb
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12_alpha.deb
http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12_alpha.deb
http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12_alpha.deb
http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12_alpha.deb
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12_alpha.deb
http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12_alpha.deb
http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12_alpha.deb
http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12_alpha.deb
arm (ARM):
http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12_arm.deb
http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12_arm.deb
http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12_arm.deb
http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12_arm.deb
http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12_arm.deb
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12_arm.deb
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12_arm.deb
http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12_arm.deb
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12_arm.deb
hppa (HP PA RISC):
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12_hppa.deb
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12_hppa.deb
http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12_hppa.deb
http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12_hppa.deb
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12_hppa.deb
http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12_hppa.deb
http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12_hppa.deb
http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12_hppa.deb
http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12_hppa.deb
i386 (Intel ia32):
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12_i386.deb
http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12_i386.deb
http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12_i386.deb
http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12_i386.deb
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12_i386.deb
http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12_i386.deb
http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12_i386.deb
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12_i386.deb
http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12_i386.deb
ia64 (Intel ia64):
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12_ia64.deb
http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12_ia64.deb
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12_ia64.deb
http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12_ia64.deb
http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12_ia64.deb
http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12_ia64.deb
http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12_ia64.deb
http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12_ia64.deb
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12_ia64.deb
powerpc (PowerPC):
http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12_powerpc.deb
http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12_powerpc.deb
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12_powerpc.deb
http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12_powerpc.deb
http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12_powerpc.deb
http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12_powerpc.deb
http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12_powerpc.deb
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12_powerpc.deb
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12_powerpc.deb
s390 (IBM S/390):
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12_s390.deb
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12_s390.deb
http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12_s390.deb
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12_s390.deb
http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12_s390.deb
http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12_s390.deb
http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12_s390.deb
http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12_s390.deb
http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12_s390.deb
sparc (Sun SPARC/UltraSPARC):
http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12_sparc.deb
http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12_sparc.deb
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12_sparc.deb
http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12_sparc.deb
http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12_sparc.deb
http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12_sparc.deb
http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12_sparc.deb
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12_sparc.deb
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12_sparc.deb

Les sommes MD5 des fichiers indiqués sont disponibles sur la page originale de l'alerte de sécurité.