Säkerhetsbulletin från Debian
DSA-280-1 samba -- buffertspill
- Rapporterat den:
- 2003-04-07
- Berörda paket:
- samba
- Sårbara:
- Ja
- Referenser i säkerhetsdatabaser:
- I Bugtraq-databasen (hos SecurityFocus): BugTraq-id 7294, BugTraq-id 7295.
I Mitres CVE-förteckning: CVE-2003-0201, CVE-2003-0196.
CERTs information om sårbarheter, bulletiner och incidenter: VU#267873. - Ytterligare information:
-
Digital Defense, Inc. har varnat Sambagruppen om en allvarlig sårbarhet i Samba, en LanManagerliknande fil- och skrivarserver för Unix. Denna sårbarhet kan leda till att en anonym användare uppnår rootbehörighet på ett system som tillhandahåller Samba. Ett sätt att utnyttja detta problem cirkulerar redan och är i bruk.
Eftersom paketen för Potato är rätt gamla är det troligt att de innehåller flera säkerhetsrelaterade fel vi inte känner till. Ni bör därför uppgradera era system med Samba till Woody snarast.
Inofficiella bakåtanpassade paket från de Sambaansvariga för version 2.2.8 av Samba för woody är tillgängliga från ~peloy och ~vorlon.
För den stabila utgåvan (Woody) har detta problem rättats i version 2.2.3a-12.3.
För den gamla stabila utgåvan (Potato) har detta problem rättats i version 2.0.7-5.1.
Den instabila utgåvan (Sid) påverkas inte eftersom den redan innehåller paket med version 3.0.
Vi rekommenderar att ni uppgraderar era Samba-paket omedelbart.
- Rättat i:
-
Debian GNU/Linux 2.2 (potato)
- Källkod:
- http://security.debian.org/pool/updates/main/s/samba/samba_2.0.7-5.1.dsc
- http://security.debian.org/pool/updates/main/s/samba/samba_2.0.7-5.1.diff.gz
- http://security.debian.org/pool/updates/main/s/samba/samba_2.0.7.orig.tar.gz
- http://security.debian.org/pool/updates/main/s/samba/samba_2.0.7-5.1.diff.gz
- Arkitekturoberoende komponent:
- http://security.debian.org/pool/updates/main/s/samba/samba-doc_2.0.7-5.1_all.deb
- Alpha:
- http://security.debian.org/pool/updates/main/s/samba/samba_2.0.7-5.1_alpha.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-common_2.0.7-5.1_alpha.deb
- http://security.debian.org/pool/updates/main/s/samba/smbclient_2.0.7-5.1_alpha.deb
- http://security.debian.org/pool/updates/main/s/samba/smbfs_2.0.7-5.1_alpha.deb
- http://security.debian.org/pool/updates/main/s/samba/swat_2.0.7-5.1_alpha.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-common_2.0.7-5.1_alpha.deb
- ARM:
- http://security.debian.org/pool/updates/main/s/samba/samba_2.0.7-5.1_arm.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-common_2.0.7-5.1_arm.deb
- http://security.debian.org/pool/updates/main/s/samba/smbclient_2.0.7-5.1_arm.deb
- http://security.debian.org/pool/updates/main/s/samba/smbfs_2.0.7-5.1_arm.deb
- http://security.debian.org/pool/updates/main/s/samba/swat_2.0.7-5.1_arm.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-common_2.0.7-5.1_arm.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/s/samba/samba_2.0.7-5.1_i386.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-common_2.0.7-5.1_i386.deb
- http://security.debian.org/pool/updates/main/s/samba/smbclient_2.0.7-5.1_i386.deb
- http://security.debian.org/pool/updates/main/s/samba/smbfs_2.0.7-5.1_i386.deb
- http://security.debian.org/pool/updates/main/s/samba/swat_2.0.7-5.1_i386.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-common_2.0.7-5.1_i386.deb
- Motorola 680x0:
- http://security.debian.org/pool/updates/main/s/samba/samba_2.0.7-5.1_m68k.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-common_2.0.7-5.1_m68k.deb
- http://security.debian.org/pool/updates/main/s/samba/smbclient_2.0.7-5.1_m68k.deb
- http://security.debian.org/pool/updates/main/s/samba/smbfs_2.0.7-5.1_m68k.deb
- http://security.debian.org/pool/updates/main/s/samba/swat_2.0.7-5.1_m68k.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-common_2.0.7-5.1_m68k.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/s/samba/samba_2.0.7-5.1_powerpc.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-common_2.0.7-5.1_powerpc.deb
- http://security.debian.org/pool/updates/main/s/samba/smbclient_2.0.7-5.1_powerpc.deb
- http://security.debian.org/pool/updates/main/s/samba/smbfs_2.0.7-5.1_powerpc.deb
- http://security.debian.org/pool/updates/main/s/samba/swat_2.0.7-5.1_powerpc.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-common_2.0.7-5.1_powerpc.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/s/samba/samba_2.0.7-5.1_sparc.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-common_2.0.7-5.1_sparc.deb
- http://security.debian.org/pool/updates/main/s/samba/smbclient_2.0.7-5.1_sparc.deb
- http://security.debian.org/pool/updates/main/s/samba/smbfs_2.0.7-5.1_sparc.deb
- http://security.debian.org/pool/updates/main/s/samba/swat_2.0.7-5.1_sparc.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-common_2.0.7-5.1_sparc.deb
Debian GNU/Linux 3.0 (woody)
- Källkod:
- http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.3.dsc
- http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.3.diff.gz
- http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a.orig.tar.gz
- http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.3.diff.gz
- Arkitekturoberoende komponent:
- http://security.debian.org/pool/updates/main/s/samba/samba-doc_2.2.3a-12.3_all.deb
- Alpha:
- http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12.3_alpha.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12.3_alpha.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12.3_alpha.deb
- http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.3_alpha.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12.3_alpha.deb
- http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12.3_alpha.deb
- http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12.3_alpha.deb
- http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12.3_alpha.deb
- http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12.3_alpha.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12.3_alpha.deb
- ARM:
- http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12.3_arm.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12.3_arm.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12.3_arm.deb
- http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.3_arm.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12.3_arm.deb
- http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12.3_arm.deb
- http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12.3_arm.deb
- http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12.3_arm.deb
- http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12.3_arm.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12.3_arm.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12.3_i386.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12.3_i386.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12.3_i386.deb
- http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.3_i386.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12.3_i386.deb
- http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12.3_i386.deb
- http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12.3_i386.deb
- http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12.3_i386.deb
- http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12.3_i386.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12.3_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12.3_ia64.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12.3_ia64.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12.3_ia64.deb
- http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.3_ia64.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12.3_ia64.deb
- http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12.3_ia64.deb
- http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12.3_ia64.deb
- http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12.3_ia64.deb
- http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12.3_ia64.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12.3_ia64.deb
- HPPA:
- http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12.3_hppa.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12.3_hppa.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12.3_hppa.deb
- http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.3_hppa.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12.3_hppa.deb
- http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12.3_hppa.deb
- http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12.3_hppa.deb
- http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12.3_hppa.deb
- http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12.3_hppa.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12.3_hppa.deb
- Motorola 680x0:
- http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12.3_m68k.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12.3_m68k.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12.3_m68k.deb
- http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.3_m68k.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12.3_m68k.deb
- http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12.3_m68k.deb
- http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12.3_m68k.deb
- http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12.3_m68k.deb
- http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12.3_m68k.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12.3_m68k.deb
- Big endian MIPS:
- http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12.3_mips.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12.3_mips.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12.3_mips.deb
- http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.3_mips.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12.3_mips.deb
- http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12.3_mips.deb
- http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12.3_mips.deb
- http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12.3_mips.deb
- http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12.3_mips.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12.3_mips.deb
- Little endian MIPS:
- http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12.3_mipsel.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12.3_mipsel.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12.3_mipsel.deb
- http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.3_mipsel.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12.3_mipsel.deb
- http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12.3_mipsel.deb
- http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12.3_mipsel.deb
- http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12.3_mipsel.deb
- http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12.3_mipsel.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12.3_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12.3_powerpc.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12.3_powerpc.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12.3_powerpc.deb
- http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.3_powerpc.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12.3_powerpc.deb
- http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12.3_powerpc.deb
- http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12.3_powerpc.deb
- http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12.3_powerpc.deb
- http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12.3_powerpc.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12.3_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12.3_s390.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12.3_s390.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12.3_s390.deb
- http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.3_s390.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12.3_s390.deb
- http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12.3_s390.deb
- http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12.3_s390.deb
- http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12.3_s390.deb
- http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12.3_s390.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12.3_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12.3_sparc.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12.3_sparc.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12.3_sparc.deb
- http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.3_sparc.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12.3_sparc.deb
- http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12.3_sparc.deb
- http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12.3_sparc.deb
- http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12.3_sparc.deb
- http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12.3_sparc.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12.3_sparc.deb
MD5-kontrollsummor för dessa filer finns i originalbulletinen.