Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » MDKSA-2002:081 - Updated samba packages fix potential root compromise

MDKSA-2002:081 - Updated samba packages fix potential root compromise

by Nikola Strahija on November 28th, 2002 A vulnerability in samba versions 2.2.2 through 2.2.6 was discovered by the Debian samba maintainers. A bug in the length checking for encrypted password change requests from clients could be exploited using a buffer overrun attack on the smbd stack. This attack would have to crafted in such a way that converting a DOS codepage string to little endian UCS2 unicode would translate into an executable block of code.


This vulnerability has been fixed in samba version 2.2.7, and the
updated packages have had a patch applied to fix the problem.
________________________________________________________________________

References:

http://www.samba.org/samba/whatsnew/samba-2.2.7.html
________________________________________________________________________

Updated Packages:

Mandrake Linux 8.1:
b10451e71a1ba27d45956f57fb203118 8.1/RPMS/samba-2.2.2-3.3mdk.i586.rpm
22a6f9977518bbe2923ec7d2f68a698e 8.1/RPMS/samba-client-2.2.2-3.3mdk.i586.rpm
74d59e5578aaa0a23e760c828a6d8688 8.1/RPMS/samba-common-2.2.2-3.3mdk.i586.rpm
6d6a2835fd6e21b4c93dbaa5fe6f2d13 8.1/RPMS/samba-doc-2.2.2-3.3mdk.i586.rpm
4c7511781a263f633cab5bf1831ad69b 8.1/SRPMS/samba-2.2.2-3.3mdk.src.rpm

Mandrake Linux 8.1/IA64:
2456e2af90d2e71e877a16f2ff034c73 ia64/8.1/RPMS/samba-2.2.2-3.3mdk.ia64.rpm
66043b111988d82d2800763950ea07e3 ia64/8.1/RPMS/samba-client-2.2.2-3.3mdk.ia64.rpm
6954d750eae921eece5e1e2ece9c42e5 ia64/8.1/RPMS/samba-common-2.2.2-3.3mdk.ia64.rpm
cf5545988b8d07299b776a25d6dc2e56 ia64/8.1/RPMS/samba-doc-2.2.2-3.3mdk.ia64.rpm
4c7511781a263f633cab5bf1831ad69b ia64/8.1/SRPMS/samba-2.2.2-3.3mdk.src.rpm

Mandrake Linux 8.2:
5552fadd8509fc7222099f88dad0f5a9 8.2/RPMS/nss_wins-2.2.3a-10.1mdk.i586.rpm
58da182a9a84a02010ddaf939e97bc7c 8.2/RPMS/samba-2.2.3a-10.1mdk.i586.rpm
91dcff33758dca1ca9a4779186a6917d 8.2/RPMS/samba-client-2.2.3a-10.1mdk.i586.rpm
ce98076728c73ca79b78fc9d69b94b47 8.2/RPMS/samba-common-2.2.3a-10.1mdk.i586.rpm
983c2de083b240971026bb054b449fde 8.2/RPMS/samba-doc-2.2.3a-10.1mdk.i586.rpm
fe4c7a8ebedede8ac10ff98eac2b84a5 8.2/RPMS/samba-swat-2.2.3a-10.1mdk.i586.rpm
ec00eed80e135dd79b56608bbd2c0574 8.2/RPMS/samba-winbind-2.2.3a-10.1mdk.i586.rpm
5677dee51659f50acee4e55346ca737d 8.2/SRPMS/samba-2.2.3a-10.1mdk.src.rpm

Mandrake Linux 8.2/PPC:
32e41a8c06f1b5b24b13de0f65dfa3cc ppc/8.2/RPMS/nss_wins-2.2.3a-10.1mdk.ppc.rpm
275bf7b8a2792e11bf94dc24557f8ebc ppc/8.2/RPMS/samba-2.2.3a-10.1mdk.ppc.rpm
66232f77afcacc83090e3cf848717962 ppc/8.2/RPMS/samba-client-2.2.3a-10.1mdk.ppc.rpm
912ccb4cc81f89de6de871aa1c4833c0 ppc/8.2/RPMS/samba-common-2.2.3a-10.1mdk.ppc.rpm
af73612d4ea52c4a391ca75afd0dae8b ppc/8.2/RPMS/samba-doc-2.2.3a-10.1mdk.ppc.rpm
2117cd7af96f6467c867faef73a425b6 ppc/8.2/RPMS/samba-swat-2.2.3a-10.1mdk.ppc.rpm
ab0402b7173a04be1cbc6c415807b98a ppc/8.2/RPMS/samba-winbind-2.2.3a-10.1mdk.ppc.rpm
5677dee51659f50acee4e55346ca737d ppc/8.2/SRPMS/samba-2.2.3a-10.1mdk.src.rpm

Mandrake Linux 9.0:
25b264e1b5ee43b26d861f5b5e07d7d2 9.0/RPMS/nss_wins-2.2.7-2.1mdk.i586.rpm
619a0506a84d25099ca0653be0f5fd3a 9.0/RPMS/samba-client-2.2.7-2.1mdk.i586.rpm
d7ed710067f71285cc616fe07efd7753 9.0/RPMS/samba-common-2.2.7-2.1mdk.i586.rpm
2b5667097a398ef87e9e721c26bb613b 9.0/RPMS/samba-doc-2.2.7-2.1mdk.i586.rpm
ff124b4103dd84e51f5be82dd9244b1f 9.0/RPMS/samba-server-2.2.7-2.1mdk.i586.rpm
a7b976a81f59d7ce7111cb5f44d89bcd 9.0/RPMS/samba-swat-2.2.7-2.1mdk.i586.rpm
0859d8665e9d2ea2f1f96365a7456e3f 9.0/RPMS/samba-winbind-2.2.7-2.1mdk.i586.rpm
b93cd8ca9319a628ee7015bbd5d2196e 9.0/SRPMS/samba-2.2.7-2.1mdk.src.rpm
________________________________________________________________________

Bug IDs fixed (see https://qa.mandrakesoft.com for more information):
________________________________________________________________________

To upgrade automatically, use MandrakeUpdate. The verification of md5
checksums and GPG signatures is performed automatically for you.

If you want to upgrade manually, download the updated package from one
of our FTP server mirrors and upgrade with "rpm -Fvh *.rpm". A list of
FTP mirrors can be obtained from:

http://www.mandrakesecure.net/en/ftp.php

Please verify the update prior to upgrading to ensure the integrity of
the downloaded package. You can do this with the command:

rpm --checksig

All packages are signed by MandrakeSoft for security. You can obtain
the GPG public key of the Mandrake Linux Security Team from:

https://www.mandrakesecure.net/RPM-GPG-KEYS

Please be aware that sometimes it takes the mirrors a few hours to
update.

You can view other update advisories for Mandrake Linux at:

http://www.mandrakesecure.net/en/advisories/

MandrakeSoft has several security-related mailing list services that
anyone can subscribe to. Information on these lists can be obtained by
visiting:

http://www.mandrakesecure.net/en/mlist.php

If you want to report vulnerabilities, please contact

security_linux-mandrake.com


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »