Debian Security Advisory
DSA-701-2 samba -- integer overflow
- Date reported:
- 2005-04-21
- Affected packages:
- samba
- Vulnerable:
- Yes
- Security database references:
- In the Debian bug tracking system: Bug 302378.
In Mitre's CVE dictionary: CVE-2004-1154.
CERT's vulnerabilities, advisories and incident notes: VU#226184.
- More information:
-
We have discovered that the last security update for Samba, a LanManager-like file and printer server for GNU/Linux and Unix-like systems, caused the server to crash on reload. This has been fixed. The text of the original advisory follows:
Greg MacManus discovered an integer overflow in the smb server from Samba, a LanManager-like file and printer server for GNU/Linux and Unix-like systems. By requesting a large number of access control descriptors from the server, one could trigger the integer overflow, which could result in a buffer overflow that could lead to arbitrary code being executed with root privileges. The upstream developers have also discovered more possible integer overflows, which are fixed in this update as well.
For the stable distribution (woody) these problems have been fixed in version 2.2.3a-15.
For the unstable distribution (sid) these problems have been fixed in version 3.0.10-1.
We recommend that you upgrade your samba packages.
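The bug class described above (a client-supplied count multiplied by a record size wraps, so the buffer is smaller than the data later written into it) is shown here as an added C illustration; it is not Samba's code and not part of the advisory. The struct `acl_desc`, the function names and the 1 MiB cap are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical 40-byte record standing in for one access control descriptor. */
struct acl_desc {
    uint32_t type, flags, mask;
    uint8_t  sid[28];
};

/* Flawed pattern: size computed in 32-bit arithmetic, so it wraps silently. */
uint32_t unchecked_bytes(uint32_t count)
{
    return count * (uint32_t)sizeof(struct acl_desc);
}

/* Hardened pattern: reject the count before multiplying.
 * Returns 0 and stores the byte size, or -1 if count is 0 or over the cap. */
int checked_bytes(uint32_t count, size_t max_bytes, size_t *out)
{
    if (count == 0 || count > max_bytes / sizeof(struct acl_desc))
        return -1;
    *out = (size_t)count * sizeof(struct acl_desc);
    return 0;
}

/* Allocate storage for a client-requested number of descriptors. */
struct acl_desc *alloc_descs(uint32_t count, size_t max_bytes)
{
    size_t bytes;
    if (checked_bytes(count, max_bytes, &bytes) != 0)
        return NULL;               /* refuse instead of under-allocating */
    return calloc(1, bytes);
}

int main(void)
{
    uint32_t huge = 107374183u;    /* constructed value: 40 * huge = 2^32 + 24 */
    printf("unchecked size for %u entries: %u bytes\n",
           (unsigned)huge, (unsigned)unchecked_bytes(huge));
    printf("checked allocation: %s\n",
           alloc_descs(huge, 1u << 20) ? "allocated" : "rejected");
    return 0;
}
```

With the unchecked computation, a request for 107374183 descriptors yields a 24-byte size, while the checked path rejects the request before any allocation takes place.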
- Fixed in:
-
Debian GNU/Linux 3.0 (woody)
- Source:
- http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-15.dsc
- http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-15.diff.gz
- http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a.orig.tar.gz
- Architecture-independent component:
- http://security.debian.org/pool/updates/main/s/samba/samba-doc_2.2.3a-15_all.deb
- Alpha:
- http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-15_alpha.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-15_alpha.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-15_alpha.deb
- http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-15_alpha.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-15_alpha.deb
- http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-15_alpha.deb
- http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-15_alpha.deb
- http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-15_alpha.deb
- http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-15_alpha.deb
- ARM:
- http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-15_arm.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-15_arm.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-15_arm.deb
- http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-15_arm.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-15_arm.deb
- http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-15_arm.deb
- http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-15_arm.deb
- http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-15_arm.deb
- http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-15_arm.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-15_i386.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-15_i386.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-15_i386.deb
- http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-15_i386.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-15_i386.deb
- http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-15_i386.deb
- http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-15_i386.deb
- http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-15_i386.deb
- http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-15_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-15_ia64.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-15_ia64.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-15_ia64.deb
- http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-15_ia64.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-15_ia64.deb
- http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-15_ia64.deb
- http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-15_ia64.deb
- http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-15_ia64.deb
- http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-15_ia64.deb
- HPPA:
- http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-15_hppa.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-15_hppa.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-15_hppa.deb
- http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-15_hppa.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-15_hppa.deb
- http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-15_hppa.deb
- http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-15_hppa.deb
- http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-15_hppa.deb
- http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-15_hppa.deb
- Motorola 680x0:
- http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-15_m68k.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-15_m68k.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-15_m68k.deb
- http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-15_m68k.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-15_m68k.deb
- http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-15_m68k.deb
- http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-15_m68k.deb
- http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-15_m68k.deb
- http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-15_m68k.deb
- Big endian MIPS:
- http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-15_mips.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-15_mips.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-15_mips.deb
- http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-15_mips.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-15_mips.deb
- http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-15_mips.deb
- http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-15_mips.deb
- http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-15_mips.deb
- http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-15_mips.deb
- Little endian MIPS:
- http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-15_mipsel.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-15_mipsel.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-15_mipsel.deb
- http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-15_mipsel.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-15_mipsel.deb
- http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-15_mipsel.deb
- http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-15_mipsel.deb
- http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-15_mipsel.deb
- http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-15_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-15_powerpc.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-15_powerpc.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-15_powerpc.deb
- http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-15_powerpc.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-15_powerpc.deb
- http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-15_powerpc.deb
- http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-15_powerpc.deb
- http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-15_powerpc.deb
- http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-15_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-15_s390.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-15_s390.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-15_s390.deb
- http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-15_s390.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-15_s390.deb
- http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-15_s390.deb
- http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-15_s390.deb
- http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-15_s390.deb
- http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-15_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-15_sparc.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-15_sparc.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-15_sparc.deb
- http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-15_sparc.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-15_sparc.deb
- http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-15_sparc.deb
- http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-15_sparc.deb
- http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-15_sparc.deb
- http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-15_sparc.deb
MD5 checksums for these files are available in the original advisory.
MD5 checksums for these files are available in the revised advisory.