The OpenNET Project
 
Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY
LINKS NEWS MAN DOCUMENTATION


[USN-702-1] Samba vulnerability


<< Previous INDEX Search src / Print Next >> 
Subject: [USN-702-1] Samba vulnerability
From: Marc Deslauriers <marc.deslauriers@canonical.com.>
To: ubuntu-security-announce@lists.ubuntu.com
Cc: bugtraq@securityfocus.com, full-disclosure@lists.grok.org.uk
X-Original-To: marc.deslauriers@cleanmail.canonical.com
X-Mailcontrol-Inbound: 
 uq3drnD2P+ps5SfEb0fvr78+NoP1DHBZwGqKpaXB2eTgNv8D6KLIxb8+NoP1DHBZ8VSaBg0k0xw=
X-Spam-Score: -12.4
X-Scanned-By: MailControl A_08_51_00 (www.mailcontrol.com) on 10.74.0.155
Content-Type: multipart/signed; micalg="pgp-sha1"; protocol="application/pgp-signature"; boundary="=-kQ5tEg1BNWkAxT8Ux/U8"
Date: Mon, 05 Jan 2009 15:16:46 -0500
Message-Id: <1231186606.11166.4.camel@mdlinux.technorage.com.>
Mime-Version: 1.0
X-Mailer: Evolution 2.24.2 
X-Virus-Scanned: antivirus-gw at tyumen.ru


--=-kQ5tEg1BNWkAxT8Ux/U8
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D
Ubuntu Security Notice USN-702-1           January 05, 2009
samba vulnerability
CVE-2009-0022
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D

A security issue affects the following Ubuntu releases:

Ubuntu 8.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.10:
  samba                           2:3.2.3-1ubuntu3.4

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Gunter H=C3=B6ckel discovered that Samba with registry shares enabled did n=
ot
properly validate share names. An authenticated user could gain access to t=
he
root filesystem by using an older version of smbclient and specifying an
empty string as a share name. This is only an issue if registry shares are
enabled on the server by setting "registry shares =3D yes", "include =3D re=
gistry",
or "config backend =3D registry", which is not the default.


Updated packages for Ubuntu 8.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba_3.2.3-1ubuntu=
3.4.diff.gz
      Size/MD5:   228722 0f792a410505a9918479562ef16ccef4
    http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba_3.2.3-1ubuntu=
3.4.dsc
      Size/MD5:     1902 0bda9c946d4f940383ca31bb7ad3e3e8
    http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba_3.2.3.orig.ta=
r.gz
      Size/MD5: 23704996 c1630a57ac0ec24bc364c6d11c93ec35

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba-doc-pdf_3.2.3=
-1ubuntu3.4_all.deb
      Size/MD5:  6261402 cdfa982dd0b9c04511734aba9cb98f43
    http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba-doc_3.2.3-1ub=
untu3.4_all.deb
      Size/MD5:  7954776 d12c0694fa65e5f7162d5322f6765822

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/s/samba/libpam-smbpass_3.2.=
3-1ubuntu3.4_amd64.deb
      Size/MD5:   638726 cc8150b5214fb77d9dfc019b2526cb7c
    http://security.ubuntu.com/ubuntu/pool/main/s/samba/libsmbclient-dev_3.=
2.3-1ubuntu3.4_amd64.deb
      Size/MD5:  1968610 adbbd514e01210d81004f1b9e674701e
    http://security.ubuntu.com/ubuntu/pool/main/s/samba/libsmbclient_3.2.3-=
1ubuntu3.4_amd64.deb
      Size/MD5:  1370212 3192295c2170f5342235edcfd5a2044a
    http://security.ubuntu.com/ubuntu/pool/main/s/samba/libwbclient0_3.2.3-=
1ubuntu3.4_amd64.deb
      Size/MD5:    89088 fd98b8c2d156a43597d81cb3c05ab3de
    http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba-common_3.2.3-=
1ubuntu3.4_amd64.deb
      Size/MD5:  3815552 f36fd7dc29e504467a9e0c08f675dc48
    http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba-dbg_3.2.3-1ub=
untu3.4_amd64.deb
      Size/MD5:  1993446 547e40f9cbc9e94908b9c21b54cf7c1f
    http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba-tools_3.2.3-1=
ubuntu3.4_amd64.deb
      Size/MD5:  5802386 e3e7c712a2784007497213bb0cf2d3d1
    http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba_3.2.3-1ubuntu=
3.4_amd64.deb
      Size/MD5:  4908532 9188ed5c2e93fcfcc93ffb57aa33a4eb
    http://security.ubuntu.com/ubuntu/pool/main/s/samba/smbclient_3.2.3-1ub=
untu3.4_amd64.deb
      Size/MD5:  7173498 6098ce448371e6cb7ba8a7d1acc82f39
    http://security.ubuntu.com/ubuntu/pool/main/s/samba/smbfs_3.2.3-1ubuntu=
3.4_amd64.deb
      Size/MD5:  1529412 99c94bc3bc8b4ca40b70844062cb0158
    http://security.ubuntu.com/ubuntu/pool/main/s/samba/swat_3.2.3-1ubuntu3=
.4_amd64.deb
      Size/MD5:  1112728 6e7be6d81d4bb9645fe7049ad1098e24
    http://security.ubuntu.com/ubuntu/pool/main/s/samba/winbind_3.2.3-1ubun=
tu3.4_amd64.deb
      Size/MD5:  3349950 4865e691932849cb5d554b27dc8203c6

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/s/samba/libpam-smbpass_3.2.=
3-1ubuntu3.4_i386.deb
      Size/MD5:   574078 2547fa4ec3a2704e7600cfc1682e2678
    http://security.ubuntu.com/ubuntu/pool/main/s/samba/libsmbclient-dev_3.=
2.3-1ubuntu3.4_i386.deb
      Size/MD5:  1844540 d766893ef3b88eefe3a5ff236d37a083
    http://security.ubuntu.com/ubuntu/pool/main/s/samba/libsmbclient_3.2.3-=
1ubuntu3.4_i386.deb
      Size/MD5:  1217736 fb4a6dcac85271bb5abd3102e246e908
    http://security.ubuntu.com/ubuntu/pool/main/s/samba/libwbclient0_3.2.3-=
1ubuntu3.4_i386.deb
      Size/MD5:    87620 145a90245f66ae82c94611c9a5ef90c6
    http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba-common_3.2.3-=
1ubuntu3.4_i386.deb
      Size/MD5:  3459480 f83b000101753604b107b969cbafaf38
    http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba-dbg_3.2.3-1ub=
untu3.4_i386.deb
      Size/MD5:  2077500 e4d3bba7c3992d54a002a3de960da088
    http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba-tools_3.2.3-1=
ubuntu3.4_i386.deb
      Size/MD5:  5161386 2f816bd0759b5395312b0260b2b1a830
    http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba_3.2.3-1ubuntu=
3.4_i386.deb
      Size/MD5:  4368978 e94a0a0065575763eb688719be55bb55
    http://security.ubuntu.com/ubuntu/pool/main/s/samba/smbclient_3.2.3-1ub=
untu3.4_i386.deb
      Size/MD5:  6402838 50306da79199442d648c653563d818e8
    http://security.ubuntu.com/ubuntu/pool/main/s/samba/smbfs_3.2.3-1ubuntu=
3.4_i386.deb
      Size/MD5:  1375964 bb03430c3f6d5f0b6a0ce5582fc4d355
    http://security.ubuntu.com/ubuntu/pool/main/s/samba/swat_3.2.3-1ubuntu3=
.4_i386.deb
      Size/MD5:  1006606 f296946e86f49c6fb12b6a6fc74e5006
    http://security.ubuntu.com/ubuntu/pool/main/s/samba/winbind_3.2.3-1ubun=
tu3.4_i386.deb
      Size/MD5:  2975328 c9581db640df6618b35bf0386817185e

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/s/samba/libpam-smbpass_3.2.3-1ubuntu3=
.4_lpia.deb
      Size/MD5:   553748 4158873bb22c417e2817099582adef0c
    http://ports.ubuntu.com/pool/main/s/samba/libsmbclient-dev_3.2.3-1ubunt=
u3.4_lpia.deb
      Size/MD5:  1769190 f6dea760e2013d0902aea9bb366a7117
    http://ports.ubuntu.com/pool/main/s/samba/libsmbclient_3.2.3-1ubuntu3.4=
_lpia.deb
      Size/MD5:  1160952 11776d3e92c48211b61d9aad4a83092a
    http://ports.ubuntu.com/pool/main/s/samba/libwbclient0_3.2.3-1ubuntu3.4=
_lpia.deb
      Size/MD5:    87062 ac2ead655b9e860e180778bdc3b601d8
    http://ports.ubuntu.com/pool/main/s/samba/samba-common_3.2.3-1ubuntu3.4=
_lpia.deb
      Size/MD5:  3328740 fc6f54cab0701fc9c2f9f40712a322aa
    http://ports.ubuntu.com/pool/main/s/samba/samba-dbg_3.2.3-1ubuntu3.4_lp=
ia.deb
      Size/MD5:  2069796 5a757bef21769a0f99d571a9b16f0f41
    http://ports.ubuntu.com/pool/main/s/samba/samba-tools_3.2.3-1ubuntu3.4_=
lpia.deb
      Size/MD5:  4950004 4e7fd36bae326ccc396c16c023ad6789
    http://ports.ubuntu.com/pool/main/s/samba/samba_3.2.3-1ubuntu3.4_lpia.d=
eb
      Size/MD5:  4197392 34b7b42b2c5ab302afc86abca35cf459
    http://ports.ubuntu.com/pool/main/s/samba/smbclient_3.2.3-1ubuntu3.4_lp=
ia.deb
      Size/MD5:  6136884 b3f071c6be8fb4b0ae36b9a4f342328c
    http://ports.ubuntu.com/pool/main/s/samba/smbfs_3.2.3-1ubuntu3.4_lpia.d=
eb
      Size/MD5:  1317220 a2c2ba9a7251b9e66b7541012493a91d
    http://ports.ubuntu.com/pool/main/s/samba/swat_3.2.3-1ubuntu3.4_lpia.de=
b
      Size/MD5:   968410 72ced84400e6d8739710fcde6f4bafea
    http://ports.ubuntu.com/pool/main/s/samba/winbind_3.2.3-1ubuntu3.4_lpia=
.deb
      Size/MD5:  2855910 d92babc2dda651f130f15e16d887853c

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/s/samba/libpam-smbpass_3.2.3-1ubuntu3=
.4_powerpc.deb
      Size/MD5:   606564 344aced9680f82f2144be4845d4f91a3
    http://ports.ubuntu.com/pool/main/s/samba/libsmbclient-dev_3.2.3-1ubunt=
u3.4_powerpc.deb
      Size/MD5:  1730412 8068336341c057b8d95be0601c204e3c
    http://ports.ubuntu.com/pool/main/s/samba/libsmbclient_3.2.3-1ubuntu3.4=
_powerpc.deb
      Size/MD5:  1255134 86970b95de4ed88deb2d0497bc532fd6
    http://ports.ubuntu.com/pool/main/s/samba/libwbclient0_3.2.3-1ubuntu3.4=
_powerpc.deb
      Size/MD5:    89038 cc4c8f2c4da9b4e8df3608c4a12547fb
    http://ports.ubuntu.com/pool/main/s/samba/samba-common_3.2.3-1ubuntu3.4=
_powerpc.deb
      Size/MD5:  3600282 9cd6002671370f4ae3d8a26ff72fb60f
    http://ports.ubuntu.com/pool/main/s/samba/samba-dbg_3.2.3-1ubuntu3.4_po=
werpc.deb
      Size/MD5:  2058546 1aecd0379eecc99b41fc6ce2a69309c7
    http://ports.ubuntu.com/pool/main/s/samba/samba-tools_3.2.3-1ubuntu3.4_=
powerpc.deb
      Size/MD5:  5474936 044102518d3695912332b4eae9527b4b
    http://ports.ubuntu.com/pool/main/s/samba/samba_3.2.3-1ubuntu3.4_powerp=
c.deb
      Size/MD5:  4640066 96726a3b481e8e220d9e1ab27cd31a2f
    http://ports.ubuntu.com/pool/main/s/samba/smbclient_3.2.3-1ubuntu3.4_po=
werpc.deb
      Size/MD5:  6653622 f778f74e99accb34e8f385c5804b3d1e
    http://ports.ubuntu.com/pool/main/s/samba/smbfs_3.2.3-1ubuntu3.4_powerp=
c.deb
      Size/MD5:  1417512 7a4323d2fe779cb63c7f1ad7387b1b83
    http://ports.ubuntu.com/pool/main/s/samba/swat_3.2.3-1ubuntu3.4_powerpc=
.deb
      Size/MD5:  1046216 75bd47fd42c6ae14db5573e8b176137e
    http://ports.ubuntu.com/pool/main/s/samba/winbind_3.2.3-1ubuntu3.4_powe=
rpc.deb
      Size/MD5:  3123092 d2664b3080094bb24b530513c6359003

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/s/samba/libpam-smbpass_3.2.3-1ubuntu3=
.4_sparc.deb
      Size/MD5:   592718 5debe4b94931b2c88f8fa475f5f77bc4
    http://ports.ubuntu.com/pool/main/s/samba/libsmbclient-dev_3.2.3-1ubunt=
u3.4_sparc.deb
      Size/MD5:  2008260 f498681d446a2ad9fc9f524fd077b4ae
    http://ports.ubuntu.com/pool/main/s/samba/libsmbclient_3.2.3-1ubuntu3.4=
_sparc.deb
      Size/MD5:  1216100 c01b1c22f857ed00cef34c6c8be07fb9
    http://ports.ubuntu.com/pool/main/s/samba/libwbclient0_3.2.3-1ubuntu3.4=
_sparc.deb
      Size/MD5:    87638 08d33dc1f635ce0a7937c944a8009d49
    http://ports.ubuntu.com/pool/main/s/samba/samba-common_3.2.3-1ubuntu3.4=
_sparc.deb
      Size/MD5:  3501506 eb3aedcad68acbaa6624173801aebe91
    http://ports.ubuntu.com/pool/main/s/samba/samba-dbg_3.2.3-1ubuntu3.4_sp=
arc.deb
      Size/MD5:  2007758 a3dfca08a50155f594c51ca801a258ad
    http://ports.ubuntu.com/pool/main/s/samba/samba-tools_3.2.3-1ubuntu3.4_=
sparc.deb
      Size/MD5:  5327954 1e480e57d3de6bfcce1a179d23a6d817
    http://ports.ubuntu.com/pool/main/s/samba/samba_3.2.3-1ubuntu3.4_sparc.=
deb
      Size/MD5:  4502118 ba2c5b5240d8de234da5e5e006924da4
    http://ports.ubuntu.com/pool/main/s/samba/smbclient_3.2.3-1ubuntu3.4_sp=
arc.deb
      Size/MD5:  6448130 13a2ae5a41f1d7d026f109986927813b
    http://ports.ubuntu.com/pool/main/s/samba/smbfs_3.2.3-1ubuntu3.4_sparc.=
deb
      Size/MD5:  1371138 05fc1469ba4f74621b93b47a3205b1cb
    http://ports.ubuntu.com/pool/main/s/samba/swat_3.2.3-1ubuntu3.4_sparc.d=
eb
      Size/MD5:  1019768 bf17ef67379f1b0c0ef76d74ffe3cd66
    http://ports.ubuntu.com/pool/main/s/samba/winbind_3.2.3-1ubuntu3.4_spar=
c.deb
      Size/MD5:  3029050 88018f0ef574839c0d956e62b5f873d6



--=-kQ5tEg1BNWkAxT8Ux/U8
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEABECAAYFAkliaqsACgkQLMAs/0C4zNqMFgCbBhsitSgMnwqDwxUHLJPj2coP
SagAn3EB44LfzgI2DvUssXMvbuGfzfci
=6N5y
-----END PGP SIGNATURE-----

--=-kQ5tEg1BNWkAxT8Ux/U8--

<< Previous INDEX Search src / Print Next >>



Партнёры:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей 		Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру