Debian Security Advisory
DSA-203-1 smb2www -- arbitrary command execution
- Date Reported:
- 04 Dec 2002
- Affected Packages:
- smb2www
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2002-1342.
- More information:
-
Robert Luberda found a security problem in smb2www, a Windows Network client that is accessible through a web browser. This could lead a remote attacker to execute arbitrary programs under the user id www-data on the host where smb2www is running.
This problem has been fixed in version 980804-16.1 for the current stable distribution (woody), in version 980804-8.1 of the old stable distribution (potato) and in version 980804-17 for the unstable distribution (sid).
We recommend that you upgrade your smb2www package immediately.
- Fixed in:
-
Debian GNU/Linux 2.2 (potato)
- Source:
- http://security.debian.org/pool/updates/main/s/smb2www/smb2www_980804-8.1.dsc
- http://security.debian.org/pool/updates/main/s/smb2www/smb2www_980804-8.1.diff.gz
- http://security.debian.org/pool/updates/main/s/smb2www/smb2www_980804.orig.tar.gz
- http://security.debian.org/pool/updates/main/s/smb2www/smb2www_980804-8.1.diff.gz
- Architecture-independent component:
- http://security.debian.org/pool/updates/main/s/smb2www/smb2www_980804-8.1_all.deb
Debian GNU/Linux 3.0 (woody)
- Source:
- http://security.debian.org/pool/updates/main/s/smb2www/smb2www_980804-16.1.dsc
- http://security.debian.org/pool/updates/main/s/smb2www/smb2www_980804-16.1.diff.gz
- http://security.debian.org/pool/updates/main/s/smb2www/smb2www_980804.orig.tar.gz
- http://security.debian.org/pool/updates/main/s/smb2www/smb2www_980804-16.1.diff.gz
- Architecture-independent component:
- http://security.debian.org/pool/updates/main/s/smb2www/smb2www_980804-16.1_all.deb
MD5 checksums of the listed files are available in the original advisory.