[RHSA-2007:1017-01] Critical: samba security update

bugzilla at redhat.com bugzilla at redhat.com
Thu Nov 15 16:30:27 UTC 2007 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Critical: samba security update
Advisory ID:       RHSA-2007:1017-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2007-1017.html
Issue date:        2007-11-15
Updated on:        2007-11-15
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2007-4572 CVE-2007-4138 CVE-2007-5398 
- ---------------------------------------------------------------------

1. Summary:

Updated samba packages that fix security issues are now available for Red
Hat Enterprise Linux 5.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Problem description:

Samba is a suite of programs used by machines to share files, printers, and
other information.

A buffer overflow flaw was found in the way Samba creates NetBIOS replies.
If a Samba server is configured to run as a WINS server, a remote
unauthenticated user could cause the Samba server to crash or execute
arbitrary code. (CVE-2007-5398)

A heap based buffer overflow flaw was found in the way Samba authenticates
users. A remote unauthenticated user could trigger this flaw to cause the
Samba server to crash. Careful analysis of this flaw has determined that
arbitrary code execution is not possible, and under most circumstances will
not result in a crash of the Samba server. (CVE-2007-4572)

A flaw was found in the way Samba assigned group IDs under certain
conditions. If the "winbind nss info" parameter in smb.conf is set to
either "sfu" or "rfc2307", Samba users are incorrectly assigned the group
ID of 0. (CVE-2007-4138)

Red Hat would like to thank Alin Rad Pop of Secunia Research, Rick King,
and the Samba developers for responsibly disclosing these issues.

All Samba users are advised to upgrade to these updated packages, which
contain a backported patch to correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata
relevant to your system have been applied. Use Red Hat Network to download
and update your packages. To do so, run the following command (as root):

pup

Alternatively, for a command-line interface, run the following command:

yum update

To register your system to RHN, use the following command:

rhn_register

For information on how to manually install or remove packages, refer to the
following link:

http://kbase.redhat.com/faq/FAQ_80_11223.shtm

5. Bug IDs fixed (http://bugzilla.redhat.com/):

286271 - CVE-2007-4138 samba incorrect primary group assignment for domain users using the rfc2307 or sfu winbind nss info plugin
294631 - CVE-2007-4572 samba buffer overflow
358831 - CVE-2007-5398 Samba "reply_netbios_packet()" Buffer Overflow Vulnerability

6. RPMs required:

Red Hat Enterprise Linux Desktop (v. 5 client):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/samba-3.0.25b-1.el5_1.2.src.rpm
a614dd8ab1961b7c8a92a170f9bb0036  samba-3.0.25b-1.el5_1.2.src.rpm

i386:
f582807333fffc7cfda3f048ad61497a  samba-3.0.25b-1.el5_1.2.i386.rpm
c0c45a2fb546b2c2dd4274a3a88fa234  samba-client-3.0.25b-1.el5_1.2.i386.rpm
56b33f69aebac9bd6654a0ab6ba1a03e  samba-common-3.0.25b-1.el5_1.2.i386.rpm
51e6fd0037e1ae54d8842436002da8c4  samba-debuginfo-3.0.25b-1.el5_1.2.i386.rpm
5d32128d7fd5545a6684fd8e1e0055e0  samba-swat-3.0.25b-1.el5_1.2.i386.rpm

x86_64:
2940397a447ae38809c5661e3c6e9e9f  samba-3.0.25b-1.el5_1.2.x86_64.rpm
4bd8bf5a6d39844c291e67af9debef55  samba-client-3.0.25b-1.el5_1.2.x86_64.rpm
56b33f69aebac9bd6654a0ab6ba1a03e  samba-common-3.0.25b-1.el5_1.2.i386.rpm
bf460a8a6d2338be4bd83884ca5934a7  samba-common-3.0.25b-1.el5_1.2.x86_64.rpm
51e6fd0037e1ae54d8842436002da8c4  samba-debuginfo-3.0.25b-1.el5_1.2.i386.rpm
053a2c84cf6353a6a8a79ea5e4e1feb7  samba-debuginfo-3.0.25b-1.el5_1.2.x86_64.rpm
7ffd3a287260c93478549f0bff913297  samba-swat-3.0.25b-1.el5_1.2.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/samba-3.0.25b-1.el5_1.2.src.rpm
a614dd8ab1961b7c8a92a170f9bb0036  samba-3.0.25b-1.el5_1.2.src.rpm

i386:
f582807333fffc7cfda3f048ad61497a  samba-3.0.25b-1.el5_1.2.i386.rpm
c0c45a2fb546b2c2dd4274a3a88fa234  samba-client-3.0.25b-1.el5_1.2.i386.rpm
56b33f69aebac9bd6654a0ab6ba1a03e  samba-common-3.0.25b-1.el5_1.2.i386.rpm
51e6fd0037e1ae54d8842436002da8c4  samba-debuginfo-3.0.25b-1.el5_1.2.i386.rpm
5d32128d7fd5545a6684fd8e1e0055e0  samba-swat-3.0.25b-1.el5_1.2.i386.rpm

ia64:
b5c0f25eb34772868f06587ef82f55fc  samba-3.0.25b-1.el5_1.2.ia64.rpm
33c027d28143b365aa2be7f1e4bc157f  samba-client-3.0.25b-1.el5_1.2.ia64.rpm
9026a5f1367f3f0bddbecdd9c6e40799  samba-common-3.0.25b-1.el5_1.2.ia64.rpm
c70dd804f46dc812c719f1756e0ac14a  samba-debuginfo-3.0.25b-1.el5_1.2.ia64.rpm
e79f8e34a2c8e9f3f3f6b18d2e06aa69  samba-swat-3.0.25b-1.el5_1.2.ia64.rpm

ppc:
bd4ce92708ef4da5a2b2f6d3d7152e97  samba-3.0.25b-1.el5_1.2.ppc.rpm
94b414b78ff56c6f1b03dd60eb2763af  samba-client-3.0.25b-1.el5_1.2.ppc.rpm
b499aa2e2743c7599faa9966faa3ba01  samba-common-3.0.25b-1.el5_1.2.ppc.rpm
19b1d28cd1c92e24dc929c7fc077f7a2  samba-common-3.0.25b-1.el5_1.2.ppc64.rpm
0615bdb665e801307a286131ad817335  samba-debuginfo-3.0.25b-1.el5_1.2.ppc.rpm
6f394dbea521283a6694a741f3643f85  samba-debuginfo-3.0.25b-1.el5_1.2.ppc64.rpm
0b83aa72e83102bde6ee6ab6f1b64c5e  samba-swat-3.0.25b-1.el5_1.2.ppc.rpm

s390x:
fc14df09d7e01a24901161d5579545ed  samba-3.0.25b-1.el5_1.2.s390x.rpm
d667ac073503416baabae3c862e87eb3  samba-client-3.0.25b-1.el5_1.2.s390x.rpm
352f6a60a34508f56884f762d6ad3193  samba-common-3.0.25b-1.el5_1.2.s390.rpm
de3cb0008e9801aa7c7f8d7de7fbd6e2  samba-common-3.0.25b-1.el5_1.2.s390x.rpm
0c04d0efff05111233283ee13115bac5  samba-debuginfo-3.0.25b-1.el5_1.2.s390.rpm
e2390cd50eaa87d4509a9711c1c392de  samba-debuginfo-3.0.25b-1.el5_1.2.s390x.rpm
cc836ca1eaf90d2afe6a979d80d0b446  samba-swat-3.0.25b-1.el5_1.2.s390x.rpm

x86_64:
2940397a447ae38809c5661e3c6e9e9f  samba-3.0.25b-1.el5_1.2.x86_64.rpm
4bd8bf5a6d39844c291e67af9debef55  samba-client-3.0.25b-1.el5_1.2.x86_64.rpm
56b33f69aebac9bd6654a0ab6ba1a03e  samba-common-3.0.25b-1.el5_1.2.i386.rpm
bf460a8a6d2338be4bd83884ca5934a7  samba-common-3.0.25b-1.el5_1.2.x86_64.rpm
51e6fd0037e1ae54d8842436002da8c4  samba-debuginfo-3.0.25b-1.el5_1.2.i386.rpm
053a2c84cf6353a6a8a79ea5e4e1feb7  samba-debuginfo-3.0.25b-1.el5_1.2.x86_64.rpm
7ffd3a287260c93478549f0bff913297  samba-swat-3.0.25b-1.el5_1.2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4572
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4138
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5398
http://www.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is <secalert at redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFHPHQdXlSAg2UNWIIRAv6aAKCQgvBVsSnZNSFTbl3PZxL/hQeCswCgl84/
pwzn75Ab59FjzAxlbJiWbHM=
=WTjd
-----END PGP SIGNATURE-----

More information about the Enterprise-watch-list mailing list