Debian Security Advisory
DSA-1823-1 samba -- several vulnerabilities
- Date Reported:
- 25 Jun 2009
- Affected Packages:
- samba
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2009-1886, CVE-2009-1888.
- More information:
-
Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server. The Common Vulnerabilities and Exposures project identifies the following problems:
- CVE-2009-1886
The smbclient utility contains a formatstring vulnerability where commands dealing with file names treat user input as format strings to asprintf.
- CVE-2009-1888
In the smbd daemon, if a user is trying to modify an access control list (ACL) and is denied permission, this deny may be overridden if the parameter "dos filemode" is set to "yes" in the smb.conf and the user already has write access to the file.
The old stable distribution (etch) is not affected by these problems.
For the stable distribution (lenny), these problems have been fixed in version 3.2.5-4lenny6.
The unstable distribution (sid), which is only affected by CVE-2009-1888, will be fixed soon.
We recommend that you upgrade your samba package.
- CVE-2009-1886
- Fixed in:
-
Debian GNU/Linux 5.0 (lenny)
- Source:
- http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5.orig.tar.gz
- http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny6.dsc
- http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny6.diff.gz
- http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny6.dsc
- Architecture-independent component:
- http://security.debian.org/pool/updates/main/s/samba/samba-doc_3.2.5-4lenny6_all.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-doc-pdf_3.2.5-4lenny6_all.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-doc-pdf_3.2.5-4lenny6_all.deb
- Alpha:
- http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny6_alpha.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny6_alpha.deb
- http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny6_alpha.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny6_alpha.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny6_alpha.deb
- http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny6_alpha.deb
- http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny6_alpha.deb
- http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny6_alpha.deb
- http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny6_alpha.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny6_alpha.deb
- http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny6_alpha.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny6_alpha.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny6_alpha.deb
- AMD64:
- http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny6_amd64.deb
- http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny6_amd64.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny6_amd64.deb
- http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny6_amd64.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny6_amd64.deb
- http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny6_amd64.deb
- http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny6_amd64.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny6_amd64.deb
- http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny6_amd64.deb
- http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny6_amd64.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny6_amd64.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny6_amd64.deb
- http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny6_amd64.deb
- ARM:
- http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny6_arm.deb
- http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny6_arm.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny6_arm.deb
- http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny6_arm.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny6_arm.deb
- http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny6_arm.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny6_arm.deb
- http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny6_arm.deb
- http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny6_arm.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny6_arm.deb
- http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny6_arm.deb
- http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny6_arm.deb
- http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny6_arm.deb
- ARM EABI:
- http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny6_armel.deb
- http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny6_armel.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny6_armel.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny6_armel.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny6_armel.deb
- http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny6_armel.deb
- http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny6_armel.deb
- http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny6_armel.deb
- http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny6_armel.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny6_armel.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny6_armel.deb
- http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny6_armel.deb
- http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny6_armel.deb
- HP Precision:
- http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny6_hppa.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny6_hppa.deb
- http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny6_hppa.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny6_hppa.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny6_hppa.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny6_hppa.deb
- http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny6_hppa.deb
- http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny6_hppa.deb
- http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny6_hppa.deb
- http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny6_hppa.deb
- http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny6_hppa.deb
- http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny6_hppa.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny6_hppa.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny6_i386.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny6_i386.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny6_i386.deb
- http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny6_i386.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny6_i386.deb
- http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny6_i386.deb
- http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny6_i386.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny6_i386.deb
- http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny6_i386.deb
- http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny6_i386.deb
- http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny6_i386.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny6_i386.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny6_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny6_ia64.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny6_ia64.deb
- http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny6_ia64.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny6_ia64.deb
- http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny6_ia64.deb
- http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny6_ia64.deb
- http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny6_ia64.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny6_ia64.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny6_ia64.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny6_ia64.deb
- http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny6_ia64.deb
- http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny6_ia64.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny6_ia64.deb
- Big-endian MIPS:
- http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny6_mips.deb
- http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny6_mips.deb
- http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny6_mips.deb
- http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny6_mips.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny6_mips.deb
- http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny6_mips.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny6_mips.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny6_mips.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny6_mips.deb
- http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny6_mips.deb
- http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny6_mips.deb
- http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny6_mips.deb
- http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny6_mips.deb
- Little-endian MIPS:
- http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny6_mipsel.deb
- http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny6_mipsel.deb
- http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny6_mipsel.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny6_mipsel.deb
- http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny6_mipsel.deb
- http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny6_mipsel.deb
- http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny6_mipsel.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny6_mipsel.deb
- http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny6_mipsel.deb
- http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny6_mipsel.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny6_mipsel.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny6_mipsel.deb
- http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny6_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny6_powerpc.deb
- http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny6_powerpc.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny6_powerpc.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny6_powerpc.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny6_powerpc.deb
- http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny6_powerpc.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny6_powerpc.deb
- http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny6_powerpc.deb
- http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny6_powerpc.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny6_powerpc.deb
- http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny6_powerpc.deb
- http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny6_powerpc.deb
- http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny6_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny6_s390.deb
- http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny6_s390.deb
- http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny6_s390.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny6_s390.deb
- http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny6_s390.deb
- http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny6_s390.deb
- http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny6_s390.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny6_s390.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny6_s390.deb
- http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny6_s390.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny6_s390.deb
- http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny6_s390.deb
- http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny6_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny6_sparc.deb
- http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny6_sparc.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny6_sparc.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny6_sparc.deb
- http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny6_sparc.deb
- http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny6_sparc.deb
- http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny6_sparc.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny6_sparc.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny6_sparc.deb
- http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny6_sparc.deb
- http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny6_sparc.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny6_sparc.deb
- http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny6_sparc.deb
MD5 checksums of the listed files are available in the original advisory.