Alerta de Segurança Debian
DSA-701-2 samba -- estouros de inteiro
- Data do Alerta:
- 21 Abr 2005
- Pacotes Afetados:
- samba
- Vulnerável:
- Sim
- Referência à base de dados de segurança:
- No sistema de acompanhamento de bugs do Debian: Bug 302378.
No dicionário CVE do Mitre: CVE-2004-1154.
Alertas, notas de incidentes e vulnerabilidades do CERT: VU#226184. - Informações adicionais:
-
Foi descoberto que a última atualização de segurança para o Samba, um servidor de arquivos e impressoras estilo LanManager para GNU/Linux e sistemas estilo Unix fez o daemon quebrar ao recarregar. Isto foi corrigido. Segue abaixo o alerta original:
Greg MacManus descobriu um estouro de inteiro no daemon smb do Samba, um servidor de arquivos e impressão estilo LanManager para sistemas GNU/Linux e derivados do unix. Requisitar uma grande quantidade de descritores de controle de acesso ao servidor poderia explorar o estouro de inteiro, podendo levar a um estouro de buffer que por sua vez levaria à execução de código arbitrário com privilégios de root. Os desenvolvedores também descobriram mais possíveis estouros de inteiro que também foram corrigidos nesta atualização.
Na distribuição estável (woody), estes problemas foram corrigidos na versão 2.2.3a-15.
Na distribuição instável (sid), estes problemas foram corrigidos na versão 3.0.10-1.
Nós recomendamos que você atualize seus pacotes samba.
- Corrigido em:
-
Debian GNU/Linux 3.0 (woody)
- Fonte:
- http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-15.dsc
- http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-15.diff.gz
- http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a.orig.tar.gz
- http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-15.diff.gz
- Componente independente de arquitetura:
- http://security.debian.org/pool/updates/main/s/samba/samba-doc_2.2.3a-15_all.deb
- Alpha:
- http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-15_alpha.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-15_alpha.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-15_alpha.deb
- http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-15_alpha.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-15_alpha.deb
- http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-15_alpha.deb
- http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-15_alpha.deb
- http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-15_alpha.deb
- http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-15_alpha.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-15_alpha.deb
- ARM:
- http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-15_arm.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-15_arm.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-15_arm.deb
- http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-15_arm.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-15_arm.deb
- http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-15_arm.deb
- http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-15_arm.deb
- http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-15_arm.deb
- http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-15_arm.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-15_arm.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-15_i386.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-15_i386.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-15_i386.deb
- http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-15_i386.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-15_i386.deb
- http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-15_i386.deb
- http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-15_i386.deb
- http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-15_i386.deb
- http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-15_i386.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-15_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-15_ia64.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-15_ia64.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-15_ia64.deb
- http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-15_ia64.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-15_ia64.deb
- http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-15_ia64.deb
- http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-15_ia64.deb
- http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-15_ia64.deb
- http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-15_ia64.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-15_ia64.deb
- HPPA:
- http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-15_hppa.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-15_hppa.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-15_hppa.deb
- http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-15_hppa.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-15_hppa.deb
- http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-15_hppa.deb
- http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-15_hppa.deb
- http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-15_hppa.deb
- http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-15_hppa.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-15_hppa.deb
- Motorola 680x0:
- http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-15_m68k.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-15_m68k.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-15_m68k.deb
- http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-15_m68k.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-15_m68k.deb
- http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-15_m68k.deb
- http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-15_m68k.deb
- http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-15_m68k.deb
- http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-15_m68k.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-15_m68k.deb
- Big endian MIPS:
- http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-15_mips.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-15_mips.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-15_mips.deb
- http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-15_mips.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-15_mips.deb
- http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-15_mips.deb
- http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-15_mips.deb
- http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-15_mips.deb
- http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-15_mips.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-15_mips.deb
- Little endian MIPS:
- http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-15_mipsel.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-15_mipsel.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-15_mipsel.deb
- http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-15_mipsel.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-15_mipsel.deb
- http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-15_mipsel.deb
- http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-15_mipsel.deb
- http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-15_mipsel.deb
- http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-15_mipsel.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-15_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-15_powerpc.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-15_powerpc.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-15_powerpc.deb
- http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-15_powerpc.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-15_powerpc.deb
- http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-15_powerpc.deb
- http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-15_powerpc.deb
- http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-15_powerpc.deb
- http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-15_powerpc.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-15_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-15_s390.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-15_s390.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-15_s390.deb
- http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-15_s390.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-15_s390.deb
- http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-15_s390.deb
- http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-15_s390.deb
- http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-15_s390.deb
- http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-15_s390.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-15_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-15_sparc.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-15_sparc.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-15_sparc.deb
- http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-15_sparc.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-15_sparc.deb
- http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-15_sparc.deb
- http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-15_sparc.deb
- http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-15_sparc.deb
- http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-15_sparc.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-15_sparc.deb
Checksums MD5 dos arquivos listados estão disponíveis no alerta original.
Checksums MD5 dos arquivos listados estão disponíveis no alerta revisado.