97965 2003-04-07 22:12 /63 rader/ Immunix Security Team <security@wirex.com>
Importerad: 2003-04-07 22:12 av Brevbäraren
Extern mottagare: bugtraq@securityfocus.com
Extern mottagare: immunix-announce@immunix.org
Extern mottagare: linsec@lists.seifried.org
Mottagare: Bugtraq (import) <4395>
Ärende: Immunix Secured OS 7+ samba update
------------------------------------------------------------
-----------------------------------------------------------------------
Immunix Secured OS Security Advisory
Packages updated: samba
Affected products: ImmunixOS 7.0, 7+
Bugs fixed: CAN-2003-0201
Date: Mon Apr 7 2003
Advisory ID: IMNX-2003-7+-006-01
Author: Seth Arnold <sarnold@wirex.com>
-----------------------------------------------------------------------
Description:
Digital Defense found an actively-exploited samba static-buffer
overflow on a honeypot system. They figured out the vulnerable section
of code and alerted the Samba team, who found some additional bugs
while fixing this bug.
In samba version 2.0.10, this buffer is located on the heap, so
StackGuard does not provide protection for this buffer overflow.
There are actively-used samba 2.2 exploits that allow remote
anonymous users to gain local root privileges. The samba 2.2
exploit analyzed by Digital Defense used a statically allocated
buffer. While we do not know of any exploits against the 2.0.10
version, it may be possible to re-write the exploit in use to
attack the heap-based buffer in samba 2.0.10. We recommend
upgrading.
Please note this is different from (and includes the fixes from)
IMNX-2003-7+-003-01, which addressed different samba security flaws.
References:
http://www.securityfocus.com/archive/1/317615/2003-04-04/2003-04-10/0
Package names and locations:
Precompiled binary packages for Immunix 7+ are available at:
http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/samba-2.0.10-2_imnx_3.i386.rpm
http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/samba-client-2.0.10-2_imnx_3.i386.rpm
http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/samba-common-2.0.10-2_imnx_3.i386.rpm
Immunix OS 7+ md5sums:
13b41eeaf5ef6d018554fab4ae4958bc samba-2.0.10-2_imnx_3.i386.rpm
bbfeb9255328a8e73790f390aa7afb9f samba-client-2.0.10-2_imnx_3.i386.rpm
feeb2e9d872f5bdc01c44ee125f0170c samba-common-2.0.10-2_imnx_3.i386.rpm
ffa5900e389ed12620ec72bd4fdf5c15 samba-2.0.10-2_imnx_3.src.rpm
GPG verification:
Our public key is available at <http://wirex.com/security/GPG_KEY>.
NOTE:
Ibiblio is graciously mirroring our updates, so if the links above are
slow, please try:
ftp://ftp.ibiblio.org/pub/Linux/distributions/immunix/
or one of the many mirrors available at:
http://www.ibiblio.org/pub/Linux/MIRRORS.html
ImmunixOS 6.2 is no longer officially supported.
ImmunixOS 7.0 is no longer officially supported.
Contact information:
To report vulnerabilities, please contact security@wirex.com. WireX
attempts to conform to the RFP vulnerability disclosure protocol
<http://www.wiretrip.net/rfp/policy.html>.
(97965) /Immunix Security Team <security@wirex.com>/(Ombruten)
Bilaga (application/pgp-signature) i text 97966
97966 2003-04-07 22:12 /9 rader/ Immunix Security Team <security@wirex.com>
Importerad: 2003-04-07 22:12 av Brevbäraren
Extern mottagare: bugtraq@securityfocus.com
Extern mottagare: immunix-announce@immunix.org
Extern mottagare: linsec@lists.seifried.org
Mottagare: Bugtraq (import) <4396>
Bilaga (text/plain) till text 97965
Ärende: Bilaga till: Immunix Secured OS 7+ samba update
------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iEYEARECAAYFAj6RxcoACgkQVQcWL60UVMtKxwCffaze1gckJfU64LJ34srfozL2
+UsAoJXpIcgzvAJWdBdOnOTuK9bl50PV
=JVCJ
-----END PGP SIGNATURE-----
(97966) /Immunix Security Team <security@wirex.com>/