
[RHSA-2003:138-01] New samba packages fix security vulnerability



---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          New samba packages fix security vulnerability
Advisory ID:       RHSA-2003:138-01
Issue date:        2003-04-07
Updated on:        2003-04-07
Product:           Red Hat Enterprise Linux
Keywords:          smb
Cross references:  
Obsoletes:         RHSA-2003:096
CVE Names:         CAN-2003-0196 CAN-2003-0201
---------------------------------------------------------------------

1. Topic:

Updated Samba packages that fix a security vulnerability are now available.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386

3. Problem description:

Samba is a suite of utilities which provides file and printer sharing
services to SMB/CIFS clients.

A security vulnerability has been found in versions of Samba up to and
including 2.2.8.  An anonymous user could exploit the vulnerability to
gain root access on the target machine.  Note that this is a different
vulnerability than the one fixed by RHSA-2003:096.

An exploit for this vulnerability is publicly available.

All users of Samba are advised to update to the packages listed in this
erratum, which contain a backported patch correcting this vulnerability.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade.  Only those
RPMs which are currently installed will be updated.  Those RPMs which are
not installed but included in the list will not be updated.  Note that you
can also use wildcards (*.rpm) if your current directory *only* contains the
desired RPMs.

Please note that this update is also available via Red Hat Network.  Many
people find this an easier way to apply updates.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):

86307 - Netlogon causes DoS since upgrade to latest update
88123 - Another remote anonymous root in Samba

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/samba-2.2.7-3.21as.src.rpm

i386:
Available from Red Hat Network: samba-2.2.7-3.21as.i386.rpm
Available from Red Hat Network: samba-common-2.2.7-3.21as.i386.rpm
Available from Red Hat Network: samba-client-2.2.7-3.21as.i386.rpm
Available from Red Hat Network: samba-swat-2.2.7-3.21as.i386.rpm

ia64:
Available from Red Hat Network: samba-2.2.7-3.21as.ia64.rpm
Available from Red Hat Network: samba-common-2.2.7-3.21as.ia64.rpm
Available from Red Hat Network: samba-client-2.2.7-3.21as.ia64.rpm
Available from Red Hat Network: samba-swat-2.2.7-3.21as.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/samba-2.2.7-3.21as.src.rpm

ia64:
Available from Red Hat Network: samba-2.2.7-3.21as.ia64.rpm
Available from Red Hat Network: samba-common-2.2.7-3.21as.ia64.rpm
Available from Red Hat Network: samba-client-2.2.7-3.21as.ia64.rpm
Available from Red Hat Network: samba-swat-2.2.7-3.21as.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/samba-2.2.7-3.21as.src.rpm

i386:
Available from Red Hat Network: samba-2.2.7-3.21as.i386.rpm
Available from Red Hat Network: samba-common-2.2.7-3.21as.i386.rpm
Available from Red Hat Network: samba-client-2.2.7-3.21as.i386.rpm
Available from Red Hat Network: samba-swat-2.2.7-3.21as.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/samba-2.2.7-3.21as.src.rpm

i386:
Available from Red Hat Network: samba-2.2.7-3.21as.i386.rpm
Available from Red Hat Network: samba-common-2.2.7-3.21as.i386.rpm
Available from Red Hat Network: samba-client-2.2.7-3.21as.i386.rpm
Available from Red Hat Network: samba-swat-2.2.7-3.21as.i386.rpm



7. Verification:

MD5 sum                          Package Name
--------------------------------------------------------------------------
bbf4bafcbeec2e455fdbc14c47535a9c 2.1AS/en/os/SRPMS/samba-2.2.7-3.21as.src.rpm
784a388a22b4ed61999fabdae64fde7b 2.1AS/en/os/i386/samba-2.2.7-3.21as.i386.rpm
24b0aa74ae943ff5ce987d2e0b5c3741 2.1AS/en/os/i386/samba-client-2.2.7-3.21as.i386.rpm
5224770440f7d1dca21dbc72607db6ab 2.1AS/en/os/i386/samba-common-2.2.7-3.21as.i386.rpm
f016f2ea4f5f948551289366e3a70484 2.1AS/en/os/i386/samba-swat-2.2.7-3.21as.i386.rpm
ea899123ae66c3b49261413b0fee28a0 2.1AS/en/os/ia64/samba-2.2.7-3.21as.ia64.rpm
60b8ad477bc69dd1b70716c19d961393 2.1AS/en/os/ia64/samba-client-2.2.7-3.21as.ia64.rpm
e57b317315742af6ced084565dc53739 2.1AS/en/os/ia64/samba-common-2.2.7-3.21as.ia64.rpm
c4b9506e7aba51eb2f45e8d801ed0b71 2.1AS/en/os/ia64/samba-swat-2.2.7-3.21as.ia64.rpm
bbf4bafcbeec2e455fdbc14c47535a9c 2.1AW/en/os/SRPMS/samba-2.2.7-3.21as.src.rpm
ea899123ae66c3b49261413b0fee28a0 2.1AW/en/os/ia64/samba-2.2.7-3.21as.ia64.rpm
60b8ad477bc69dd1b70716c19d961393 2.1AW/en/os/ia64/samba-client-2.2.7-3.21as.ia64.rpm
e57b317315742af6ced084565dc53739 2.1AW/en/os/ia64/samba-common-2.2.7-3.21as.ia64.rpm
c4b9506e7aba51eb2f45e8d801ed0b71 2.1AW/en/os/ia64/samba-swat-2.2.7-3.21as.ia64.rpm
bbf4bafcbeec2e455fdbc14c47535a9c 2.1ES/en/os/SRPMS/samba-2.2.7-3.21as.src.rpm
784a388a22b4ed61999fabdae64fde7b 2.1ES/en/os/i386/samba-2.2.7-3.21as.i386.rpm
24b0aa74ae943ff5ce987d2e0b5c3741 2.1ES/en/os/i386/samba-client-2.2.7-3.21as.i386.rpm
5224770440f7d1dca21dbc72607db6ab 2.1ES/en/os/i386/samba-common-2.2.7-3.21as.i386.rpm
f016f2ea4f5f948551289366e3a70484 2.1ES/en/os/i386/samba-swat-2.2.7-3.21as.i386.rpm
bbf4bafcbeec2e455fdbc14c47535a9c 2.1WS/en/os/SRPMS/samba-2.2.7-3.21as.src.rpm
784a388a22b4ed61999fabdae64fde7b 2.1WS/en/os/i386/samba-2.2.7-3.21as.i386.rpm
24b0aa74ae943ff5ce987d2e0b5c3741 2.1WS/en/os/i386/samba-client-2.2.7-3.21as.i386.rpm
5224770440f7d1dca21dbc72607db6ab 2.1WS/en/os/i386/samba-common-2.2.7-3.21as.i386.rpm
f016f2ea4f5f948551289366e3a70484 2.1WS/en/os/i386/samba-swat-2.2.7-3.21as.i386.rpm


These packages are GPG signed by Red Hat for security.  Our key is
available at http://www.redhat.com/solutions/security/news/publickey/

You can verify each package with the following command:
    
    rpm --checksig -v <filename>

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
    
    md5sum <filename>
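
The md5sum check above applied to a whole download directory, as an added
example that is not part of the Red Hat advisory: it parses a table in the
"MD5 sum / Package Name" layout of this section and compares each listed
file by basename.  The function names and the demo-* files are constructed
for illustration.

```shell
#!/bin/sh
# Added example, not Red Hat tooling. Function names are illustrative.

# Print "md5 basename" for each table row, skipping the header and rule lines.
# The table repeats one file under several product paths, so deduplicate.
manifest_entries() {
    awk 'length($1) == 32 && $1 ~ /^[0-9a-f]+$/ && NF >= 2 {
             n = split($2, parts, "/"); print $1, parts[n]
         }' "$1" | sort -u
}

# verify_manifest MANIFEST DIR: report OK / MISMATCH / MISSING per package.
# Returns 0 if every file found in DIR matches, 1 on any mismatch,
# 2 if the manifest held no usable rows.
verify_manifest() {
    entries=$(manifest_entries "$1")
    [ -n "$entries" ] || return 2
    rc=0
    while read -r sum file; do
        if [ ! -f "$2/$file" ]; then
            echo "MISSING  $file"          # listed but not downloaded here
        elif [ "$(md5sum "$2/$file" | cut -d' ' -f1)" = "$sum" ]; then
            echo "OK       $file"
        else
            echo "MISMATCH $file"; rc=1
        fi
    done <<EOF
$entries
EOF
    return $rc
}

# Constructed fixture: two stand-in files and a table in the advisory's layout.
make_sample() {
    printf 'pkg-a\n' > "$1/demo-1.0-1.i386.rpm"
    printf 'pkg-b\n' > "$1/demo-common-1.0-1.i386.rpm"
    {
        echo "MD5 sum                          Package Name"
        echo "--------------------------------------------------------------------------"
        for f in demo-1.0-1.i386.rpm demo-common-1.0-1.i386.rpm; do
            echo "$(md5sum "$1/$f" | cut -d' ' -f1) 2.1AS/en/os/i386/$f"
            echo "$(md5sum "$1/$f" | cut -d' ' -f1) 2.1ES/en/os/i386/$f"
        done
    } > "$1/manifest.txt"
}

tmp=$(mktemp -d); make_sample "$tmp"
verify_manifest "$tmp/manifest.txt" "$tmp" || echo "verification failed"
rm -rf "$tmp"
```

A match only shows that the file equals what the table lists; rpm --checksig
remains the check that the package was signed with Red Hat's key.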


8. References:

http://www.digitaldefense.net/labs/advisories/DDI-1013.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0196
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0201

9. Contact:

The Red Hat security contact is <security@redhat.com>.  More contact
details at http://www.redhat.com/solutions/security/news/contact/

Copyright 2003 Red Hat, Inc.



