Рекомендация Debian по безопасности

DSA-280-1 samba -- переполнение буфера

Дата сообщения:

07.04.2003

Затронутые пакеты:

Уязвим:

Да

Ссылки на базы данных по безопасности:

В базе данных Bugtraq (на SecurityFocus): Идентификатор BugTraq 7294, Идентификатор BugTraq 7295.
В каталоге Mitre CVE: CVE-2003-0201, CVE-2003-0196.
База данных CERT по уязвимостям, предложениям и инцидентам: VU#267873.

Более подробная информация:

Digital Defense, Inc. предупредили команду разработки Samba о серьёзной уязвимости этого файлового сервера и сервера печати для Unix, аналогичного LanManager. Эта уязвимость может привести к присвоению анонимным пользователем прав доступа пользователя root на системе, обслуживаемой Samba. Код, эксплуатирующий эту проблему, уже известен и используется.

Поскольку пакеты в potato довольно стары, вероятно, они содержат и другие ошибки, связанные с безопасностью, о которых мы не знаем. Поэтому мы настоятельно рекомендуем обновить системы под управлением Samba до woody.

Неофициальные пакеты Samba версии 2.2.8, перенесённые сопровождающими с woody на potato, доступны на ~peloy и ~vorlon.

В стабильном дистрибутиве (woody) эта проблема исправлена в версии 2.2.3a-12.3.

В старом стабильном дистрибутиве (potato) эта проблема исправлена в версии 2.0.7-5.1.

Нестабильный дистрибутив (sid) не затронут, поскольку уже содержит пакеты версии 3.0.

Мы рекомендуем вам немедленно обновить пакеты Samba.

Исправлено в:

Debian GNU/Linux 2.2 (potato)

Исходный код:: http://security.debian.org/pool/updates/main/s/samba/samba_2.0.7-5.1.dsc; http://security.debian.org/pool/updates/main/s/samba/samba_2.0.7-5.1.diff.gz; http://security.debian.org/pool/updates/main/s/samba/samba_2.0.7.orig.tar.gz
Независимые от архитектуры компоненты:: http://security.debian.org/pool/updates/main/s/samba/samba-doc_2.0.7-5.1_all.deb
Alpha:: http://security.debian.org/pool/updates/main/s/samba/samba_2.0.7-5.1_alpha.deb; http://security.debian.org/pool/updates/main/s/samba/samba-common_2.0.7-5.1_alpha.deb; http://security.debian.org/pool/updates/main/s/samba/smbclient_2.0.7-5.1_alpha.deb; http://security.debian.org/pool/updates/main/s/samba/smbfs_2.0.7-5.1_alpha.deb; http://security.debian.org/pool/updates/main/s/samba/swat_2.0.7-5.1_alpha.deb
ARM:: http://security.debian.org/pool/updates/main/s/samba/samba_2.0.7-5.1_arm.deb; http://security.debian.org/pool/updates/main/s/samba/samba-common_2.0.7-5.1_arm.deb; http://security.debian.org/pool/updates/main/s/samba/smbclient_2.0.7-5.1_arm.deb; http://security.debian.org/pool/updates/main/s/samba/smbfs_2.0.7-5.1_arm.deb; http://security.debian.org/pool/updates/main/s/samba/swat_2.0.7-5.1_arm.deb
Intel IA-32:: http://security.debian.org/pool/updates/main/s/samba/samba_2.0.7-5.1_i386.deb; http://security.debian.org/pool/updates/main/s/samba/samba-common_2.0.7-5.1_i386.deb; http://security.debian.org/pool/updates/main/s/samba/smbclient_2.0.7-5.1_i386.deb; http://security.debian.org/pool/updates/main/s/samba/smbfs_2.0.7-5.1_i386.deb; http://security.debian.org/pool/updates/main/s/samba/swat_2.0.7-5.1_i386.deb
Motorola 680x0:: http://security.debian.org/pool/updates/main/s/samba/samba_2.0.7-5.1_m68k.deb; http://security.debian.org/pool/updates/main/s/samba/samba-common_2.0.7-5.1_m68k.deb; http://security.debian.org/pool/updates/main/s/samba/smbclient_2.0.7-5.1_m68k.deb; http://security.debian.org/pool/updates/main/s/samba/smbfs_2.0.7-5.1_m68k.deb; http://security.debian.org/pool/updates/main/s/samba/swat_2.0.7-5.1_m68k.deb
PowerPC:: http://security.debian.org/pool/updates/main/s/samba/samba_2.0.7-5.1_powerpc.deb; http://security.debian.org/pool/updates/main/s/samba/samba-common_2.0.7-5.1_powerpc.deb; http://security.debian.org/pool/updates/main/s/samba/smbclient_2.0.7-5.1_powerpc.deb; http://security.debian.org/pool/updates/main/s/samba/smbfs_2.0.7-5.1_powerpc.deb; http://security.debian.org/pool/updates/main/s/samba/swat_2.0.7-5.1_powerpc.deb
Sun Sparc:: http://security.debian.org/pool/updates/main/s/samba/samba_2.0.7-5.1_sparc.deb; http://security.debian.org/pool/updates/main/s/samba/samba-common_2.0.7-5.1_sparc.deb; http://security.debian.org/pool/updates/main/s/samba/smbclient_2.0.7-5.1_sparc.deb; http://security.debian.org/pool/updates/main/s/samba/smbfs_2.0.7-5.1_sparc.deb; http://security.debian.org/pool/updates/main/s/samba/swat_2.0.7-5.1_sparc.deb

Debian GNU/Linux 3.0 (woody)

Исходный код:: http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.3.dsc; http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.3.diff.gz; http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a.orig.tar.gz
Независимые от архитектуры компоненты:: http://security.debian.org/pool/updates/main/s/samba/samba-doc_2.2.3a-12.3_all.deb
Alpha:: http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12.3_alpha.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12.3_alpha.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12.3_alpha.deb; http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.3_alpha.deb; http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12.3_alpha.deb; http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12.3_alpha.deb; http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12.3_alpha.deb; http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12.3_alpha.deb; http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12.3_alpha.deb
ARM:: http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12.3_arm.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12.3_arm.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12.3_arm.deb; http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.3_arm.deb; http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12.3_arm.deb; http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12.3_arm.deb; http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12.3_arm.deb; http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12.3_arm.deb; http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12.3_arm.deb
Intel IA-32:: http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12.3_i386.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12.3_i386.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12.3_i386.deb; http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.3_i386.deb; http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12.3_i386.deb; http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12.3_i386.deb; http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12.3_i386.deb; http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12.3_i386.deb; http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12.3_i386.deb
Intel IA-64:: http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12.3_ia64.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12.3_ia64.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12.3_ia64.deb; http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.3_ia64.deb; http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12.3_ia64.deb; http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12.3_ia64.deb; http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12.3_ia64.deb; http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12.3_ia64.deb; http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12.3_ia64.deb
HPPA:: http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12.3_hppa.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12.3_hppa.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12.3_hppa.deb; http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.3_hppa.deb; http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12.3_hppa.deb; http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12.3_hppa.deb; http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12.3_hppa.deb; http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12.3_hppa.deb; http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12.3_hppa.deb
Motorola 680x0:: http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12.3_m68k.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12.3_m68k.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12.3_m68k.deb; http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.3_m68k.deb; http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12.3_m68k.deb; http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12.3_m68k.deb; http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12.3_m68k.deb; http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12.3_m68k.deb; http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12.3_m68k.deb
Big endian MIPS:: http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12.3_mips.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12.3_mips.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12.3_mips.deb; http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.3_mips.deb; http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12.3_mips.deb; http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12.3_mips.deb; http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12.3_mips.deb; http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12.3_mips.deb; http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12.3_mips.deb
Little endian MIPS:: http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12.3_mipsel.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12.3_mipsel.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12.3_mipsel.deb; http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.3_mipsel.deb; http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12.3_mipsel.deb; http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12.3_mipsel.deb; http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12.3_mipsel.deb; http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12.3_mipsel.deb; http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12.3_mipsel.deb
PowerPC:: http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12.3_powerpc.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12.3_powerpc.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12.3_powerpc.deb; http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.3_powerpc.deb; http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12.3_powerpc.deb; http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12.3_powerpc.deb; http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12.3_powerpc.deb; http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12.3_powerpc.deb; http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12.3_powerpc.deb
IBM S/390:: http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12.3_s390.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12.3_s390.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12.3_s390.deb; http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.3_s390.deb; http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12.3_s390.deb; http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12.3_s390.deb; http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12.3_s390.deb; http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12.3_s390.deb; http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12.3_s390.deb
Sun Sparc:: http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12.3_sparc.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12.3_sparc.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12.3_sparc.deb; http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.3_sparc.deb; http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12.3_sparc.deb; http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12.3_sparc.deb; http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12.3_sparc.deb; http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12.3_sparc.deb; http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12.3_sparc.deb

Контрольные суммы MD5 этих файлов доступны в исходном сообщении.