
Samba 2.2.8 - IMPORTANT: Security bugfix for Samba

 
  • flint wrote on 18/03/2003 at 06:40.
    #1 Samba 2.2.8 - IMPORTANT: Security bugfix for Samba
    http://www.samba.org/samba/whatsnew/samba-2.2.8.html

    Summary
    -------

    The SuSE security audit team, in particular Sebastian
    Krahmer, has found a flaw in the Samba main smbd code which
    could allow an external attacker to remotely and anonymously gain
    Super User (root) privileges on a server running a Samba server.

    This flaw exists in previous versions of Samba from 2.0.x to 2.2.7a
    inclusive. This is a serious problem and all sites should either
    upgrade to Samba 2.2.8 immediately or prohibit access to TCP ports 139
    and 445. Advice created by Andrew Tridgell, the leader of the Samba Team,
    on how to protect an unpatched Samba server is given at the end of this
    section.

    The SMB/CIFS protocol implemented by Samba is vulnerable to many
    attacks, even without specific security holes. The TCP ports 139 and
    the new port 445 (used by Win2k and the Samba 3.0 alpha code in
    particular) should never be exposed to untrusted networks.

    Description
    -----------

    A buffer overrun condition exists in the SMB/CIFS packet fragment
    re-assembly code in smbd which would allow an attacker to cause smbd
    to overwrite arbitrary areas of memory in its own process address
    space. This could allow a skilled attacker to inject binary specific
    exploit code into smbd.

    This version of Samba adds explicit overrun and overflow checks on
    fragment re-assembly of SMB/CIFS packets to ensure that only valid
    re-assembly is performed by smbd.

    In addition, the same checks have been added to the re-assembly
    functions in the client code, making it safe for use in other
    services.


    http://www.samba.org/samba/whatsnew/samba-2.2.8.html


    Regards
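The explicit overrun and overflow checks on fragment re-assembly that the advisory describes can be sketched as below. This is an added example, not Samba's code and not part of the original post; `struct reasm`, `reasm_add`, `try_fragment`, the error codes and the 64-byte buffer are all hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical reassembly state for illustration; not Samba's structures. */
struct reasm {
    uint8_t *buf;      /* destination buffer */
    size_t   cap;      /* bytes allocated for buf */
    size_t   total;    /* total size declared by the peer */
    size_t   received; /* bytes accepted so far */
};

enum { FRAG_OK = 0, FRAG_BAD_TOTAL = -1, FRAG_OVERFLOW = -2,
       FRAG_OVERRUN = -3, FRAG_EXCESS = -4 };

/* Copy one fragment only after every peer-supplied length has been checked. */
int reasm_add(struct reasm *r, size_t total, size_t off, const uint8_t *data, size_t len)
{
    /* Declared total must fit the allocation and stay fixed once data arrived. */
    if (total > r->cap || (r->received != 0 && total != r->total))
        return FRAG_BAD_TOTAL;
    /* Overflow check: off + len must not wrap around size_t. */
    if (len > SIZE_MAX - off)
        return FRAG_OVERFLOW;
    /* Overrun check: the fragment must end inside the declared total. */
    if (off + len > total)
        return FRAG_OVERRUN;
    /* The peer may not send more bytes overall than it declared. */
    if (len > total - r->received)
        return FRAG_EXCESS;
    memcpy(r->buf + off, data, len);
    r->total = total;
    r->received += len;
    return FRAG_OK;
}

/* Constructed test driver: one fragment against a fresh 64-byte buffer. */
int try_fragment(size_t total, size_t off, size_t len)
{
    static const uint8_t src[64] = {0};
    uint8_t dst[64];
    struct reasm r = { dst, sizeof dst, 0, 0 };
    return reasm_add(&r, total, off, src, len);
}

int main(void)
{
    return try_fragment(32, 24, 16) == FRAG_OVERRUN ? 0 : 1;
}
```

The order of the checks matters: the wrap-around test runs before `off + len` is ever computed, so the later comparison cannot be defeated by an arithmetic overflow.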
  • lechuga wrote on 18/03/2003 at 09:25.

    #2

    What a mess, huh. It's very good to know, thanks flint!!

