SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (File Transfer/Sharing)  >   Samba Vendors:   Samba.org
(Fedora Issues Fix for FC3) Samba QFILEPATHINFO Buffer Overflow Lets Remote Authenticated Users Execute Arbitrary Code
SecurityTracker Alert ID:  1012359
SecurityTracker URL:  http://securitytracker.com/id/1012359
CVE Reference:   CVE-2004-0882   (Links to External Site)
Date:  Nov 30 2004
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 3.0 - 3.0.7
Description:   A vulnerability was reported in Samba in the processing of QFILEPATHINFO requests. A remote authenticated user can execute arbitrary code on the target system.

Stefan Esser of e-matters GmbH reported that a remote authenticated user can send a specially crafted TRANSACT2_QFILEPATHINFO request for a specially crafted filename containing unicode characters to trigger a buffer overflow. When the filename's unicode characters are converted by the target server in constructing the reply, the space allocated by the server may be overflowed.

If the filename does not already exist on the target server, the remote authenticated user must have write access to create the specially crafted filename before issuing the request.

The vendor was notified on September 24, 2004.

Default installations are affected.

The original advisory is available at:

http://security.e-matters.de/advisories/132004.html

Impact:   A remote authenticated user can execute arbitrary code on the target system.
Solution:   Fedora has released a fix, available at:

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

d254ddf57e6fd0ebeb0e0dc8aa2a5ac2 SRPMS/samba-3.0.9-1.fc3.src.rpm
fd6e5d1bd9d1ca5f023396884b795389 x86_64/samba-3.0.9-1.fc3.x86_64.rpm
18a20384b1aaed6c72b1894a986644a9 x86_64/samba-client-3.0.9-1.fc3.x86_64.rpm
c7f95e47ffb456b08a7e8a146a7f5ff4 x86_64/samba-common-3.0.9-1.fc3.x86_64.rpm
c30dd1bed208b5ff60ce2a953b56b32f x86_64/samba-swat-3.0.9-1.fc3.x86_64.rpm
f245d6faff2da4736fa292629abfc378 x86_64/debug/samba-debuginfo-3.0.9-1.fc3.x86_64.rpm
6389442760fcf4f69e7085d62292fd32 x86_64/samba-common-3.0.9-1.fc3.i386.rpm
bd54457ee99bcbfb5e36d194363c959c i386/samba-3.0.9-1.fc3.i386.rpm
300e28632cdc1712dfb39ecf405e2049 i386/samba-client-3.0.9-1.fc3.i386.rpm
6389442760fcf4f69e7085d62292fd32 i386/samba-common-3.0.9-1.fc3.i386.rpm
cb09ddf548381c1e4b3fbf6c86212e7b i386/samba-swat-3.0.9-1.fc3.i386.rpm
b948a78e6376f3620be26ac9161fe95e i386/debug/samba-debuginfo-3.0.9-1.fc3.i386.rpm

Vendor URL:  www.samba.org/ (Links to External Site)
Cause:   Boundary error
Underlying OS:  Linux (Red Hat Fedora)
Underlying OS Comments:  FC3

Message History:   This archive entry is a follow-up to the message listed below.
Nov 15 2004 Samba QFILEPATHINFO Buffer Overflow Lets Remote Authenticated Users Execute Arbitrary Code



 Source Message Contents

Subject:  [SECURITY] Fedora Core 3 Update: samba-3.0.9-1.fc3



---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-460
2004-11-29
---------------------------------------------------------------------

Product     : Fedora Core 3
Name        : samba
Version     : 3.0.9                      
Release     : 1.fc3                  
Summary     : The Samba SMB server.
Description :
Samba is the protocol by which a lot of PC-related machines share
files, printers, and other information (such as lists of available
files and printers). The Windows NT, OS/2, and Linux operating systems
support this natively, and add-on packages can enable the same thing
for DOS, Windows, VMS, UNIX of all kinds, MVS, and more. This package
provides an SMB server that can be used to provide network services to
SMB (sometimes called "Lan Manager") clients. Samba uses NetBIOS over
TCP/IP (NetBT) protocols and does NOT need the NetBEUI (Microsoft Raw
NetBIOS frame) protocol.

---------------------------------------------------------------------
Update Information:

This update closes two security holes: CAN-2004-0882 and CAN-2004-0930.

---------------------------------------------------------------------
* Mon Nov 22 2004 Jay Fenlason <fenlason@redhat.com> 3.0.9-1.fc3

- Upgrade to 3.0.9, which fixes problems with 3.0.8
  (From the release notes:)
  o Problem updating roaming user profiles.
  o Crash in smbd when printing from a Windows 9x client.
  o Unresolved symbols in libsmbclient which caused 
    applications such as KDE's konqueror to fail when
    accessing smb:// URLs.
- Backport fixes for #134694, #76628, #76641
- Remove the hack needed for the bad doc files in the 3.0.8 tarball.
- Include the install.mount.smbfs patch.
- Remove obsolete triggers from this spec file.

* Tue Nov 09 2004 Jay Fenlason <fenlason@redhat.com> 3.0.8-1.fc3

- New upstream release fixes CAN-2004-0930
  This obsoletes the disable-sendfile, salt, signing-shortkey and fqdn patches.
- Updated pie and logfiles patches for 3.0.8
- Include the corrected docs tarball, and use it instead of the obsolete
  docs from the upstream 3.0.8 tarballs.


---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

d254ddf57e6fd0ebeb0e0dc8aa2a5ac2  SRPMS/samba-3.0.9-1.fc3.src.rpm
fd6e5d1bd9d1ca5f023396884b795389  x86_64/samba-3.0.9-1.fc3.x86_64.rpm
18a20384b1aaed6c72b1894a986644a9  x86_64/samba-client-3.0.9-1.fc3.x86_64.rpm
c7f95e47ffb456b08a7e8a146a7f5ff4  x86_64/samba-common-3.0.9-1.fc3.x86_64.rpm
c30dd1bed208b5ff60ce2a953b56b32f  x86_64/samba-swat-3.0.9-1.fc3.x86_64.rpm
f245d6faff2da4736fa292629abfc378  x86_64/debug/samba-debuginfo-3.0.9-1.fc3.x86_64.rpm
6389442760fcf4f69e7085d62292fd32  x86_64/samba-common-3.0.9-1.fc3.i386.rpm
bd54457ee99bcbfb5e36d194363c959c  i386/samba-3.0.9-1.fc3.i386.rpm
300e28632cdc1712dfb39ecf405e2049  i386/samba-client-3.0.9-1.fc3.i386.rpm
6389442760fcf4f69e7085d62292fd32  i386/samba-common-3.0.9-1.fc3.i386.rpm
cb09ddf548381c1e4b3fbf6c86212e7b  i386/samba-swat-3.0.9-1.fc3.i386.rpm
b948a78e6376f3620be26ac9161fe95e  i386/debug/samba-debuginfo-3.0.9-1.fc3.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.  
---------------------------------------------------------------------

--
fedora-announce-list mailing list
fedora-announce-list@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-announce-list

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC