SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (File Transfer/Sharing)  >   Samba Vendors:   Samba.org
(Fedora Issues Fix for FC2) Samba smbd Integer Overflow in Allocating Security Descriptors May Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1012672
SecurityTracker URL:  http://securitytracker.com/id/1012672
CVE Reference:   CVE-2004-1154   (Links to External Site)
Date:  Dec 23 2004
Impact:   Execution of arbitrary code via network, Root access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 2.0.x, 2.2.x, and 3.0.x through 3.0.9
Description:   iDEFENSE reported an integer overflow vulnerability in Samba smbd in the processing of MS-RPC requests. A remote authenticated user can execute arbitrary code with root privileges.

It is reported that there is a security descriptor integer overflow. A remote authenticated user can send specially crafted SMB messages to the target smb server to trigger a heap overflow during the allocation of memory to store the descriptors and execute arbitrary code.

Greg MacManus of iDEFENSE Labs is credited with discovering this flaw.

The original advisory is available at:

http://www.idefense.com/application/poi/display?id=165

Impact:   A remote authenticated user may be able to execute arbitrary code on the target system with root privileges.
Solution:   Fedora has released a fix, available at:

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

afc9b5acdaedea483c0f092e91941886 SRPMS/samba-3.0.10-1.fc2.src.rpm
7524295f7be60d2e629e019e9ed28d61 x86_64/samba-3.0.10-1.fc2.x86_64.rpm
d030804cf95c6413bdb27882150c8d27 x86_64/samba-client-3.0.10-1.fc2.x86_64.rpm
54087bc4c5aa068f4918a2c0c1765ca9 x86_64/samba-common-3.0.10-1.fc2.x86_64.rpm
903d506a3061ec4879a52444f81db9b8 x86_64/samba-swat-3.0.10-1.fc2.x86_64.rpm
ef4897b4d2978e525871cf703eb68397 x86_64/debug/samba-debuginfo-3.0.10-1.fc2.x86_64.rpm
7d4e075e6af137a2c662f1c0a1b471d2 i386/samba-3.0.10-1.fc2.i386.rpm
7a5bd785a14126740e690ad10d1af6dc i386/samba-client-3.0.10-1.fc2.i386.rpm
47a13cabaed99b4bfd3b0c0a9f254bd0 i386/samba-common-3.0.10-1.fc2.i386.rpm
327ce0e676167768d29ccc246199093d i386/samba-swat-3.0.10-1.fc2.i386.rpm
d364ceafbff0d7f36110091e4ed0e51b i386/debug/samba-debuginfo-3.0.10-1.fc2.i386.rpm

Vendor URL:  samba.org/samba/security/CVE-2004-1154.html (Links to External Site)
Cause:   Boundary error
Underlying OS:  Linux (Red Hat Fedora)
Underlying OS Comments:  FC2

Message History:   This archive entry is a follow-up to the message listed below.
Dec 16 2004 Samba smbd Integer Overflow in Allocating Security Descriptors May Let Remote Users Execute Arbitrary Code



 Source Message Contents

Subject:  [SECURITY] Fedora Core 2 Update: samba-3.0.10-1.fc2



---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-561
2004-12-20
---------------------------------------------------------------------

Product     : Fedora Core 2
Name        : samba
Version     : 3.0.10                      
Release     : 1.fc2                  
Summary     : The Samba SMB server.
Description :
Samba is the suite of programs by which a lot of PC-related machines
share files, printers, and other information (such as lists of available
files and printers). The Windows NT, OS/2, and Linux operating systems
support this natively, and add-on packages can enable the same thing
for DOS, Windows, VMS, UNIX of all kinds, MVS, and more. This package
provides an SMB server that can be used to provide network services to
SMB (sometimes called "Lan Manager") clients. Samba uses NetBIOS over
TCP/IP (NetBT) protocols and does NOT need the NetBEUI (Microsoft Raw
NetBIOS frame) protocol.

---------------------------------------------------------------------

* Fri Dec 17 2004 Jay Fenlason <fenlason@redhat.com> 3.0.10-1.fc2

- New upstream release that closes CAN-2004-1154  bz#142544
- Include the -64bit patch from Nalin.  This closes bz#142873
- Update the -logfiles patch to work with 3.0.10
- Create /var/run/winbindd and make it part of the -common rpm to close
  bz#142242
- move /var/log/samba to -common


---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

afc9b5acdaedea483c0f092e91941886  SRPMS/samba-3.0.10-1.fc2.src.rpm
7524295f7be60d2e629e019e9ed28d61  x86_64/samba-3.0.10-1.fc2.x86_64.rpm
d030804cf95c6413bdb27882150c8d27  x86_64/samba-client-3.0.10-1.fc2.x86_64.rpm
54087bc4c5aa068f4918a2c0c1765ca9  x86_64/samba-common-3.0.10-1.fc2.x86_64.rpm
903d506a3061ec4879a52444f81db9b8  x86_64/samba-swat-3.0.10-1.fc2.x86_64.rpm
ef4897b4d2978e525871cf703eb68397  x86_64/debug/samba-debuginfo-3.0.10-1.fc2.x86_64.rpm
7d4e075e6af137a2c662f1c0a1b471d2  i386/samba-3.0.10-1.fc2.i386.rpm
7a5bd785a14126740e690ad10d1af6dc  i386/samba-client-3.0.10-1.fc2.i386.rpm
47a13cabaed99b4bfd3b0c0a9f254bd0  i386/samba-common-3.0.10-1.fc2.i386.rpm
327ce0e676167768d29ccc246199093d  i386/samba-swat-3.0.10-1.fc2.i386.rpm
d364ceafbff0d7f36110091e4ed0e51b  i386/debug/samba-debuginfo-3.0.10-1.fc2.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.  
---------------------------------------------------------------------

--
fedora-announce-list mailing list
fedora-announce-list@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-announce-list

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC