From openpkg@openpkg.org Fri Nov 29 14:30:29 2002 From: OpenPKG To: bugtraq@securityfocus.com Date: Fri, 29 Nov 2002 11:12:18 +0100 Subject: [OpenPKG-SA-2002.012] OpenPKG Security Advisory (samba) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ________________________________________________________________________ OpenPKG Security Advisory The OpenPKG Project http://www.openpkg.org/security.html http://www.openpkg.org openpkg-security@openpkg.org openpkg@openpkg.org OpenPKG-SA-2002.012 29-Nov-2002 ________________________________________________________________________ Package: samba Vulnerability: code execution, root exploit OpenPKG Specific: no Dependent Packages: none Affected Releases: Affected Packages: Corrected Packages: OpenPKG 1.0 <= samba-2.2.2-1.0.0 >= samba-2.2.2-1.0.1 OpenPKG 1.1 <= samba-2.2.5-1.1.0 >= samba-2.2.5-1.1.1 OpenPKG CURRENT <= samba-2.2.6-20021017 >= samba-2.2.7-20021120 Description: A vulnerability in Samba [0] versions 2.2.2 through 2.2.6 was discovered by the Debian Samba maintainers [1]. A bug in the length checking for encrypted password change requests from clients could be exploited using a buffer overrun attack on the smbd(8) stack. This attack would have to be crafted in such a way that converting a DOS codepage string to little endian UCS2 unicode would translate into an executable block of code. Check whether you are affected by running "/bin/rpm -q samba". If you have an affected version of the samba package (see above), please upgrade it according to the solution below. Solution: Update existing packages to newly patched versions of Samba. Select the updated source RPM appropriate for your OpenPKG release [2][3][4], and fetch it from the OpenPKG FTP service or a mirror location. Verify its integrity [5], build a corresponding binary RPM from it and update your OpenPKG installation by applying the binary RPM [6]. For the latest OpenPKG 1.1 release, perform the following operations to permanently fix the security problem (for other releases adjust accordingly). $ ftp ftp.openpkg.org ftp> bin ftp> cd release/1.1/UPD ftp> get samba-2.2.5-1.1.1.src.rpm ftp> bye $ /bin/rpm -v --checksig samba-2.2.5-1.1.1.src.rpm $ /bin/rpm --rebuild samba-2.2.5-1.1.1.src.rpm $ su - # /bin/rpm -Fvh /RPM/PKG/samba-2.2.5-1.1.1.*.rpm # /etc/rc samba stop start ________________________________________________________________________ References: [0] http://www.samba.org/ [1] http://www.debian.org/security/2002/dsa-200 [2] ftp://ftp.openpkg.org/release/1.0/UPD/ [3] ftp://ftp.openpkg.org/release/1.1/UPD/ [4] ftp://ftp.openpkg.org/current/SRC/ [5] http://www.openpkg.org/security.html#signature [6] http://www.openpkg.org/tutorial.html#regular-source ________________________________________________________________________ For security reasons, this advisory was digitally signed with the OpenPGP public key "OpenPKG " (ID 63C4CB9F) of the OpenPKG project which you can find under the official URL http://www.openpkg.org/openpkg.pgp or on http://keyserver.pgp.com/. To check the integrity of this advisory, verify its digital signature by using GnuPG (http://www.gnupg.org/). For example, pipe this message to the command "gpg --verify --keyserver keyserver.pgp.com". ________________________________________________________________________ -----BEGIN PGP SIGNATURE----- Comment: OpenPKG iEYEARECAAYFAj3nO9UACgkQgHWT4GPEy59p5QCfct5flSu1iV1a7dJGasM0J8iN kOMAoNvn9Q1524xufDzZb12THUscFpKd =HEHz -----END PGP SIGNATURE-----