Users login

Create an account »


Users login

Home » Hacking News » Slackware 2003-04-08: samba buffer overflow

Slackware 2003-04-08: samba buffer overflow

by Nikola Strahija on April 9th, 2003 A vulnerability has been found in Samba that can lead to buffer overflow and allow remote attackers to gain root privileges.

[slackware-security] Samba security problem fixed

The samba packages in Slackware 8.1 and 9.0 have been upgraded to
Samba 2.2.8a to fix a security problem.

All sites running samba should upgrade.

Here are the details from the Slackware 9.0 ChangeLog:
Mon Apr 7 14:26:53 PDT 2003
patches/packages/samba-2.2.8a-i386-1.tgz: Upgraded to samba-2.2.8a.
From the samba-2.2.8a WHATSNEW.txt:

* IMPORTANT: Security bugfix for Samba *

Digital Defense, Inc. has alerted the Samba Team to a serious
vulnerability in all stable versions of Samba currently shipping.
The Common Vulnerabilities and Exposures (CVE) project has assigned
the ID CAN-2003-0201 to this defect.

This vulnerability, if exploited correctly, leads to an anonymous
user gaining root access on a Samba serving system. All versions
of Samba up to and including Samba 2.2.8 are vulnerable. An active
exploit of the bug has been reported in the wild. Alpha versions of
Samba 3.0 and above are *NOT* vulnerable.

(* Security fix *)

More information may be found in the Samba 2.2.8a release notes.


Updated Samba package for Slackware 8.1:

Updated Samba package for Slackware 9.0:


Here are the md5sums for the packages:

Slackware 8.1 package:
875ef129196f56d71c833911f3156cd5 samba-2.2.8a-i386-1.tgz

Slackware 9.0 package:
d1d2b689b79a1a8dfc0ee34fd390e72c samba-2.2.8a-i386-1.tgz


As root, stop the samba server:

.. /etc/rc.d/rc.samba stop

Next, upgrade the samba package(s) with upgradepkg:

upgradepkg samba-2.2.8a-i386-1.tgz

Finally, start samba again:

.. /etc/rc.d/rc.samba start


Slackware Linux Security Team
[email protected]

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.


Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »