Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » SCO CSSA-2003-SCO.13.1: Samba root access

SCO CSSA-2003-SCO.13.1: Samba root access

by Nikola Strahija on September 10th, 2003 This vulnerability, if exploited correctly, leads to an anonymous user gaining root access on a Samba serving system. All versions of Samba up to and including Samba 2.2.8 are vulnerable. An active exploit of the bug has been reported in the wild.


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

__________________________________________________________________

SCO Security Advisory

Subject: OpenServer 5.0.5 OpenServer 5.0.6 OpenServer
5.0.7 : Samba security update available avaliable for download.

Advisory number: CSSA-2003-SCO.13.1
Issue date: 2003 September 10
Cross reference: erg875829 fz527531 sr876763
__________________________________________________________________


1. Problem Description

This vulnerability, if exploited correctly, leads to an
anonymous user gaining root access on a Samba serving
system. All versions of Samba up to and including Samba
2.2.8 are vulnerable. An active exploit of the bug has
been reported in the wild. The Common Vulnerabilities and
Exposures (CVE) project has assigned: CAN-2003-0201:Buffer
overflow in the call_trans2open function in trans2.c for
Samba 2.2.x before 2.2.8a, 2.0.10 and earlier 2.0.x versions,
and Samba-TNG before 0.3.2, allows remote attackers to
execute arbitrary code. and CAN-2003-0085: Buffer overflow
in the SMB/CIFS packet fragment re-assembly code for SMB
daemon (smbd) in Samba before 2.2.8, and Samba-TNG before
0.3.1, allows remote attackers to execute arbitrary code.


2. Vulnerable Supported Versions

System Binaries
----------------------------------------------------------------------
OpenServer 5.0.5 Distribution
OpenServer 5.0.6 Distribution
OpenServer 5.0.7 Distribution

3. Solution

The proper solution is to install the latest packages.


4. OpenServer 5.0.6 OpenServer 5.0.5

4.1 First install:

oss646b - Execution Environment Supplement
gwxlibs version 1.2.1Ba - gwxlibs supplement

4.2 Location of Fixed Binaries

ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.13

4.3 Verification

MD5 (VOL.000.000) = 175ce3f07683a3a29ce248d1393813ec

md5 is available for download from
ftp://ftp.sco.com/pub/security/tools


4.4 Installing Fixed Binaries

Upgrade the affected binaries with the following sequence:

1) Download the VOL* files to the /tmp directory

2) Run the custom command, specify an install from media
images, and specify the /tmp directory as the location of
the images.

5. OpenServer 5.0.7

5.1 Location of Fixed Binaries

ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.13

5.2 Verification

MD5 (VOL.000.000) = 175ce3f07683a3a29ce248d1393813ec

md5 is available for download from
ftp://ftp.sco.com/pub/security/tools


5.3 Installing Fixed Binaries

Upgrade the affected binaries with the following sequence:

1) Download the VOL* files to the /tmp directory

2) Run the custom command, specify an install from media
images, and specify the /tmp directory as the location of
the images.

6. References

Specific references for this advisory:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0201
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0085

SCO security resources:
http://www.sco.com/support/security/index.html

This security fix closes SCO incidents erg875829, fz527531,
sr876763.


6. Disclaimer

SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers
intended to promote secure installation and use of SCO
products.


7. Acknowledgements

Thanks to Sebastian Krahmer, SuSE Security Team, and Digital
Defense, Inc. who alerted the Samba Team to this vulnerability.

______________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux)

iD8DBQE/X5PHaqoBO7ipriERAmMGAKCOVraWAsdKm2UrfEo4ZAMOS3JDQACcDyKt
Lsdzs0IiK/WnAbKStbaI6NI=
=LPor
-----END PGP SIGNATURE-----


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »