Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Immunix 2003-7+003-01: samba buffer overrun

Immunix 2003-7+003-01: samba buffer overrun

by Nikola Strahija on April 2nd, 2003 A buffer overrun condition has been found in the SMB/CIFS packet fragment re-assembly code of the smbd Samba, which can allow remote attacker to gain root privileges.


-----------------------------------------------------------------------
Immunix Secured OS Security Advisory

Packages updated: samba
Affected products: ImmunixOS 6.2, 7.0, 7
Bugs fixed: CAN-2003-0085
Date: Mon Mar 31 2003
Advisory ID: IMNX-2003-7+003-01
Author: Seth Arnold
-----------------------------------------------------------------------

Description:
Quoting from the Samba security advisory:
The SuSE security audit team, in particular Sebastian Krahmer
, has found a flaw in the Samba main smbd code which could allow an external attacker to remotely and anonymously gain Super User (root) privileges on a server running a Samba server.
in more detail:
A buffer overrun condition exists in the SMB/CIFS packet fragment
re-assembly code in smbd which would allow an attacker to cause smbd to overwrite arbitrary areas of memory in its own process address
space. This could allow a skilled attacker to inject binary specific
exploit code into smbd.
The patch was prepared by "Jeremy Allison and reviewed by engineers
from the Samba Team, SuSE, HP, SGI, Apple, and the Linux vendor
engineers on the Linux Vendor security mailing list."

We would like to thank Jay Fenlason at Red Hat for separating the
security-critical portions of the patch apart from the rest of the
Samba-supplied fix.

References: http://us1.samba.org/samba/whatsnew/samba-2.2.8.html


Package names and locations:
Precompiled binary packages for Immunix 7 are available at:
http://download.immunix.org/ImmunixOS/7﵊嵪힬ﴓ챋﬚馶2.0.10-2_imnx_2.i386.rpm
http://download.immunix.org/ImmunixOS/7﵊嵪힬ﴓ챋﬚馶client-2.0.10-2_imnx_2.i386.rpm
http://download.immunix.org/ImmunixOS/7﵊嵪힬ﴓ챋﬚馶common-2.0.10-2_imnx_2.i386.rpm

Immunix OS 7 md5sums:
a74de332ef912b659dee405e996682b9 samba-2.0.10-2_imnx_2.i386.rpm
0ea784704399dd90280766d378cbf410 samba-client-2.0.10-2_imnx_2.i386.rpm
2c206898ffed86f63eb1c96bf8b542c2 samba-common-2.0.10-2_imnx_2.i386.rpm


GPG verification:
Our public key is available at http://wirex.com/security/GPG_KEY.

NOTE:
Ibiblio is graciously mirroring our updates, so if the links above are
slow, please try:
ftp://ftp.ibiblio.org/pub/Linux/distributions/immunix/
or one of the many mirrors available at:
http://www.ibiblio.org/pub/Linux/MIRRORS.html

ImmunixOS 6.2 is no longer officially supported.
ImmunixOS 7.0 is no longer officially supported.

Contact information:
To report vulnerabilities, please contact [email protected] WireX
attempts to conform to the RFP vulnerability disclosure protocol
http://www.wiretrip.net/rfp/policy.html.


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »