Bulletin d'alerte Debian

DSA-280-1 samba -- Dépassement de tampon

Date du rapport:

7 avril 2003

Paquets concernés:

Vulnérabilité:

Oui

Références dans la base de données de sécurité:

Dans la base de données de suivi des bogues (chez SecurityFocus) : Identificateur BugTraq 7294, Identificateur BugTraq 7295.
Dans le dictionnaire CVE du Mitre : CVE-2003-0201, CVE-2003-0196.
Les annonces de vulnérabilité et les bulletins d'alerte du CERT : VU#267873.

Pour plus d'information:

Digital Defense, Inc. a alerté l'équipe Samba d'une sérieuse faille de sécurité dans Samba, un serveur gestionnaire de fichiers et d'imprimantes réseau pour Unix. Cette faille de sécurité peut amener un utilisateur anonyme à obtenir un accès root sur un système utilisant Samba. Une exploitation de ce problème est déjà en circulation et utilisée.

Étant donné que les paquets pour Potato sont assez vieux, il est bien possible, qu'ils contiennent des bogues de sécurité inconnus. Vous êtes donc avisé de mettre à jour votre système faisant fonctionner Samba vers Woody le plus vite possible.

Des paquets rétroportés non officiels des responsables Samba pour la version 2.2.8 de Samba pour Woody sont disponibles sur ~peloy et ~vorlon.

Pour la distribution stable (Woody), ce problème a été corrigé dans la version 2.2.3a-12.3.

Pour l'ancienne distribution stable (Potato), ce problème a été corrigé dans la version 2.0.7-5.1.

La distribution instable (Sid) n'est pas affectée étant donné qu'elle contient la version 3.0 du paquet.

Nous vous recommandons de mettre à jour vos paquets Samba immédiatement.

Corrigé dans:

Debian GNU/Linux 2.2 (potato)

Source :: http://security.debian.org/pool/updates/main/s/samba/samba_2.0.7-5.1.dsc; http://security.debian.org/pool/updates/main/s/samba/samba_2.0.7-5.1.diff.gz; http://security.debian.org/pool/updates/main/s/samba/samba_2.0.7.orig.tar.gz
Composant indépendant de l'architecture :: http://security.debian.org/pool/updates/main/s/samba/samba-doc_2.0.7-5.1_all.deb
Alpha:: http://security.debian.org/pool/updates/main/s/samba/samba_2.0.7-5.1_alpha.deb; http://security.debian.org/pool/updates/main/s/samba/samba-common_2.0.7-5.1_alpha.deb; http://security.debian.org/pool/updates/main/s/samba/smbclient_2.0.7-5.1_alpha.deb; http://security.debian.org/pool/updates/main/s/samba/smbfs_2.0.7-5.1_alpha.deb; http://security.debian.org/pool/updates/main/s/samba/swat_2.0.7-5.1_alpha.deb
ARM:: http://security.debian.org/pool/updates/main/s/samba/samba_2.0.7-5.1_arm.deb; http://security.debian.org/pool/updates/main/s/samba/samba-common_2.0.7-5.1_arm.deb; http://security.debian.org/pool/updates/main/s/samba/smbclient_2.0.7-5.1_arm.deb; http://security.debian.org/pool/updates/main/s/samba/smbfs_2.0.7-5.1_arm.deb; http://security.debian.org/pool/updates/main/s/samba/swat_2.0.7-5.1_arm.deb
Intel IA-32:: http://security.debian.org/pool/updates/main/s/samba/samba_2.0.7-5.1_i386.deb; http://security.debian.org/pool/updates/main/s/samba/samba-common_2.0.7-5.1_i386.deb; http://security.debian.org/pool/updates/main/s/samba/smbclient_2.0.7-5.1_i386.deb; http://security.debian.org/pool/updates/main/s/samba/smbfs_2.0.7-5.1_i386.deb; http://security.debian.org/pool/updates/main/s/samba/swat_2.0.7-5.1_i386.deb
Motorola 680x0:: http://security.debian.org/pool/updates/main/s/samba/samba_2.0.7-5.1_m68k.deb; http://security.debian.org/pool/updates/main/s/samba/samba-common_2.0.7-5.1_m68k.deb; http://security.debian.org/pool/updates/main/s/samba/smbclient_2.0.7-5.1_m68k.deb; http://security.debian.org/pool/updates/main/s/samba/smbfs_2.0.7-5.1_m68k.deb; http://security.debian.org/pool/updates/main/s/samba/swat_2.0.7-5.1_m68k.deb
PowerPC:: http://security.debian.org/pool/updates/main/s/samba/samba_2.0.7-5.1_powerpc.deb; http://security.debian.org/pool/updates/main/s/samba/samba-common_2.0.7-5.1_powerpc.deb; http://security.debian.org/pool/updates/main/s/samba/smbclient_2.0.7-5.1_powerpc.deb; http://security.debian.org/pool/updates/main/s/samba/smbfs_2.0.7-5.1_powerpc.deb; http://security.debian.org/pool/updates/main/s/samba/swat_2.0.7-5.1_powerpc.deb
Sun Sparc:: http://security.debian.org/pool/updates/main/s/samba/samba_2.0.7-5.1_sparc.deb; http://security.debian.org/pool/updates/main/s/samba/samba-common_2.0.7-5.1_sparc.deb; http://security.debian.org/pool/updates/main/s/samba/smbclient_2.0.7-5.1_sparc.deb; http://security.debian.org/pool/updates/main/s/samba/smbfs_2.0.7-5.1_sparc.deb; http://security.debian.org/pool/updates/main/s/samba/swat_2.0.7-5.1_sparc.deb

Debian GNU/Linux 3.0 (woody)

Source :: http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.3.dsc; http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.3.diff.gz; http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a.orig.tar.gz
Composant indépendant de l'architecture :: http://security.debian.org/pool/updates/main/s/samba/samba-doc_2.2.3a-12.3_all.deb
Alpha:: http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12.3_alpha.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12.3_alpha.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12.3_alpha.deb; http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.3_alpha.deb; http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12.3_alpha.deb; http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12.3_alpha.deb; http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12.3_alpha.deb; http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12.3_alpha.deb; http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12.3_alpha.deb
ARM:: http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12.3_arm.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12.3_arm.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12.3_arm.deb; http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.3_arm.deb; http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12.3_arm.deb; http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12.3_arm.deb; http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12.3_arm.deb; http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12.3_arm.deb; http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12.3_arm.deb
Intel IA-32:: http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12.3_i386.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12.3_i386.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12.3_i386.deb; http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.3_i386.deb; http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12.3_i386.deb; http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12.3_i386.deb; http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12.3_i386.deb; http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12.3_i386.deb; http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12.3_i386.deb
Intel IA-64:: http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12.3_ia64.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12.3_ia64.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12.3_ia64.deb; http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.3_ia64.deb; http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12.3_ia64.deb; http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12.3_ia64.deb; http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12.3_ia64.deb; http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12.3_ia64.deb; http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12.3_ia64.deb
HPPA:: http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12.3_hppa.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12.3_hppa.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12.3_hppa.deb; http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.3_hppa.deb; http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12.3_hppa.deb; http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12.3_hppa.deb; http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12.3_hppa.deb; http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12.3_hppa.deb; http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12.3_hppa.deb
Motorola 680x0:: http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12.3_m68k.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12.3_m68k.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12.3_m68k.deb; http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.3_m68k.deb; http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12.3_m68k.deb; http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12.3_m68k.deb; http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12.3_m68k.deb; http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12.3_m68k.deb; http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12.3_m68k.deb
Big endian MIPS:: http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12.3_mips.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12.3_mips.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12.3_mips.deb; http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.3_mips.deb; http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12.3_mips.deb; http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12.3_mips.deb; http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12.3_mips.deb; http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12.3_mips.deb; http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12.3_mips.deb
Little endian MIPS:: http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12.3_mipsel.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12.3_mipsel.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12.3_mipsel.deb; http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.3_mipsel.deb; http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12.3_mipsel.deb; http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12.3_mipsel.deb; http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12.3_mipsel.deb; http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12.3_mipsel.deb; http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12.3_mipsel.deb
PowerPC:: http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12.3_powerpc.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12.3_powerpc.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12.3_powerpc.deb; http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.3_powerpc.deb; http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12.3_powerpc.deb; http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12.3_powerpc.deb; http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12.3_powerpc.deb; http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12.3_powerpc.deb; http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12.3_powerpc.deb
IBM S/390:: http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12.3_s390.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12.3_s390.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12.3_s390.deb; http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.3_s390.deb; http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12.3_s390.deb; http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12.3_s390.deb; http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12.3_s390.deb; http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12.3_s390.deb; http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12.3_s390.deb
Sun Sparc:: http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12.3_sparc.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12.3_sparc.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12.3_sparc.deb; http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.3_sparc.deb; http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12.3_sparc.deb; http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12.3_sparc.deb; http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12.3_sparc.deb; http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12.3_sparc.deb; http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12.3_sparc.deb

Les sommes MD5 des fichiers indiqués sont disponibles sur la page originale de l'alerte de sécurité.