SecurityTracker Archives

Category:   Application (File Transfer/Sharing)  >   Samba
Vendors:   Samba.org
(Fedora Issues Fix for FC2) Samba QFILEPATHINFO Buffer Overflow Lets Remote Authenticated Users Execute Arbitrary Code
SecurityTracker Alert ID:  1012357
SecurityTracker URL:  http://securitytracker.com/id/1012357
CVE Reference:   CVE-2004-0882
Date:  Nov 30 2004
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 3.0 - 3.0.7
Description:   A vulnerability was reported in Samba in the processing of QFILEPATHINFO requests. A remote authenticated user can execute arbitrary code on the target system.

Stefan Esser of e-matters GmbH reported that a remote authenticated user can send a specially crafted TRANSACT2_QFILEPATHINFO request for a specially crafted filename containing Unicode characters to trigger a buffer overflow. When the target server converts the filename's Unicode characters while constructing the reply, the space allocated by the server may be overflowed.

If the filename does not already exist on the target server, the remote authenticated user must have write access to create the specially crafted filename before issuing the request.
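
An added illustration of the bug class described above (not Samba's code, which this page does not show): a reply buffer sized from the filename's input byte count is too small once the name is converted to UTF-16LE, so the conversion must check the remaining space before each write. The function names and the specific sizing mistake are assumptions chosen for illustration.

```c
#include <stdint.h>
#include <string.h>

/* Flawed estimate (the bug class): output bytes assumed equal to input bytes. */
size_t naive_reply_size(const char *name) { return strlen(name); }

/* Minimal UTF-8 decoder: returns bytes consumed, 0 if malformed.
 * It does not reject overlong forms; a production decoder should. */
static size_t utf8_next(const unsigned char *s, uint32_t *cp)
{
    if (s[0] < 0x80) { *cp = s[0]; return 1; }
    size_t n = (s[0] & 0xE0) == 0xC0 ? 2 : (s[0] & 0xF0) == 0xE0 ? 3 :
               (s[0] & 0xF8) == 0xF0 ? 4 : 0;
    if (n == 0) return 0;
    *cp = s[0] & (0xFFu >> (n + 1));
    for (size_t i = 1; i < n; i++) {
        if ((s[i] & 0xC0) != 0x80) return 0;  /* also stops at the NUL */
        *cp = (*cp << 6) | (s[i] & 0x3Fu);
    }
    return n;
}

/* Convert a NUL-terminated UTF-8 name to UTF-16LE in out[0..cap).
 * Returns bytes written, or -1 if malformed or the result would not fit. */
long put_name_utf16le(const char *name, unsigned char *out, size_t cap)
{
    const unsigned char *s = (const unsigned char *)name;
    size_t used = 0;
    while (*s) {
        uint32_t cp;
        size_t n = utf8_next(s, &cp);
        if (n == 0 || cp > 0x10FFFF) return -1;
        uint16_t u[2] = { (uint16_t)cp, 0 };
        size_t units = 1;
        if (cp >= 0x10000) {                  /* needs a surrogate pair */
            cp -= 0x10000;
            u[0] = (uint16_t)(0xD800 | (cp >> 10));
            u[1] = (uint16_t)(0xDC00 | (cp & 0x3FF));
            units = 2;
        }
        if (2 * units > cap - used) return -1; /* check before writing */
        for (size_t i = 0; i < units; i++) {
            out[used++] = (unsigned char)(u[i] & 0xFF);
            out[used++] = (unsigned char)(u[i] >> 8);
        }
        s += n;
    }
    return (long)used;
}
```

With the constructed name `report.txt`, the flawed estimate gives 10 bytes while the converted name needs 20, so the bounded converter refuses the undersized buffer instead of writing past it.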

The vendor was notified on September 24, 2004.

Default installations are affected.

The original advisory is available at:

http://security.e-matters.de/advisories/132004.html

Impact:   A remote authenticated user can execute arbitrary code on the target system.
Solution:   Fedora has released a fix, available at:

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

Vendor URL:  www.samba.org/
Cause:   Boundary error
Underlying OS:  Linux (Red Hat Fedora)
Underlying OS Comments:  FC2

Message History:   This archive entry is a follow-up to the message listed below.
Nov 15 2004 Samba QFILEPATHINFO Buffer Overflow Lets Remote Authenticated Users Execute Arbitrary Code



 Source Message Contents

Subject:  [SECURITY] Fedora Core 2 Update: samba-3.0.9-1.fc2



---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-459
2004-11-29
---------------------------------------------------------------------

Product     : Fedora Core 2
Name        : samba
Version     : 3.0.9                      
Release     : 1.fc2                  
Summary     : The Samba SMB server.
Description :
Samba is the protocol by which a lot of PC-related machines share
files, printers, and other information (such as lists of available
files and printers). The Windows NT, OS/2, and Linux operating systems
support this natively, and add-on packages can enable the same thing
for DOS, Windows, VMS, UNIX of all kinds, MVS, and more. This package
provides an SMB server that can be used to provide network services to
SMB (sometimes called "Lan Manager") clients. Samba uses NetBIOS over
TCP/IP (NetBT) protocols and does NOT need the NetBEUI (Microsoft Raw
NetBIOS frame) protocol.

---------------------------------------------------------------------
Update Information:

This update closes two security holes: CAN-2004-0882 and CAN-2004-0930

---------------------------------------------------------------------
* Thu Nov 11 2004 Jay Fenlason <fenlason@redhat.com> 3.0.8-2.FC2

- Upgrade to 3.0.9 to fix CAN-2004-0930 and CAN-2004-0882
- Include the -smbmnt patch from Steven Lawrance (slawrance@yahoo.com)
  that modifies smbmnt to work with 32-bit uids.  This closes #134570
- Include my -changetrustpw patch that closes #134694
- rework this spec file to replace %{initdir} with /etc/rc.d/init.d
- Add "/sbin/ldconfig -n $RPM_BUILD_ROOT/usr/lib/" to this spec file
  to create libsmbclient.so.0 so it gets owned by the correct package.
- Clean up whitespace in this spec file
- Update docs section to not carryover the docs/manpages directory
  This moved many files from /usr/share/doc/samba-*/docs/* to 
  /usr/share/doc/samba-*/*
- Move {lowcase,upcase,valid}.dat to the -common package.
- move the net command to the -common package.
- Update the pidfile comment in xinetd.init to close #76641


---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

2b0bc0c2e583a133dc07b09b4422543a  SRPMS/samba-3.0.9-1.fc2.src.rpm
f3d903e7099182bcf45ef3687e3c8a2d  x86_64/samba-3.0.9-1.fc2.x86_64.rpm
1a269d4165998a76acb3243fb62dab45  x86_64/samba-client-3.0.9-1.fc2.x86_64.rpm
658f125a96529d1575fa0d263f4c0c49  x86_64/samba-common-3.0.9-1.fc2.x86_64.rpm
cac85d92936bd0d439b6de22cb329668  x86_64/samba-swat-3.0.9-1.fc2.x86_64.rpm
4c027a83a5a6edf2088988d8ddcbcf78  x86_64/debug/samba-debuginfo-3.0.9-1.fc2.x86_64.rpm
215044acfc71e0e9573961256a86f192  i386/samba-3.0.9-1.fc2.i386.rpm
ef369b89ce7cefd84402ee34eac2bb49  i386/samba-client-3.0.9-1.fc2.i386.rpm
9c97b6758ecda6bdeb884218faab7b00  i386/samba-common-3.0.9-1.fc2.i386.rpm
c94f67795a693d910dff51f4caebee6d  i386/samba-swat-3.0.9-1.fc2.i386.rpm
0752cbc8e6e613536ac7bb72d07d9081  i386/debug/samba-debuginfo-3.0.9-1.fc2.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.  
---------------------------------------------------------------------

--
fedora-announce-list mailing list
fedora-announce-list@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-announce-list

 
 

