Date: 22 Jul 1999 17:44:45 -0000
From: listmaster@locutus.calderasystems.com
To: announce@lists.calderasystems.com
Subject: Security Advisory 18
-----BEGIN PGP SIGNED MESSAGE-----
______________________________________________________________________________
Caldera Systems, Inc. Security Advisory
Subject: various security problems in samba
Advisory number: CSSA-1999:018.0
Issue date: 1999 July 22
Cross reference:
______________________________________________________________________________
1. Problem Description
There are various security problems in samba releases prior to
version 2.0.5.
a. A denial of service attack against nmbd.
b. A buffer overflow in smbd if you enabled support
for `winpopup' style messages.
This problem should only affect you if you specified
the `message command' parameter in smb.conf (which is
not there by default).
c. A security problem with smbmnt if installed setuid root.
This problem shouldn't affect Caldera OpenLinux users,
as smbmnt is not shipped setuid root.
2. Vulnerable Versions
Systems: OpenLinux 1.3, 2.2
Packages: previous to samba-2.0.5
3. Solutions
workaround for (a): none
workaround for (b): remove the `message command' parameter from smb.conf
or
upgrade to the latest samba-2.0.5-1
rpm -U samba-2.0.5-1.i386.rpm
rpm -U samba-doc-2.0.5-1.i386.rpm
rpm -U swat-2.0.5-1.i386.rpm
rpm -U smbfs-2.0.5-1.i386.rpm
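The following is an added example, not part of Caldera's advisory: a small shell audit for conditions (b) and (c) above, checking whether smb.conf sets `message command' and whether smbmnt is setuid root. The function names are illustrative, and both file paths are passed as arguments because their locations are site-specific assumptions.

```shell
#!/bin/sh
# Added example: audit a host for conditions (b) and (c) of this advisory.
# Usage: sh samba-audit.sh /path/to/smb.conf /path/to/smbmnt

# Return 0 if the given smb.conf sets `message command' (condition b).
# Samba ignores case and whitespace in parameter names and treats lines
# beginning with ';' or '#' as comments, so normalise before comparing.
has_message_command() {
    awk -F= '
        { sub(/^[ \t]+/, "") }          # drop leading whitespace
        /^[;#]/ { next }                # skip comment lines
        NF > 1 {
            name = tolower($1)
            gsub(/[ \t]/, "", name)     # "Message  Command" -> "messagecommand"
            if (name == "messagecommand") found = 1
        }
        END { exit !found }
    ' "$1"
}

# Return 0 if the file has the setuid bit and is owned by uid 0 (condition c).
is_setuid_root() {
    [ -u "$1" ] && [ -n "$(find "$1" -prune -user 0 2>/dev/null)" ]
}

# Report findings; returns non-zero if either condition is present.
audit() {   # $1 = smb.conf path, $2 = smbmnt path
    status=0
    if has_message_command "$1"; then
        echo "(b) $1 sets 'message command': remove it or upgrade samba"
        status=1
    fi
    if is_setuid_root "$2"; then
        echo "(c) $2 is installed setuid root"
        status=1
    fi
    return $status
}

if [ "$#" -ge 2 ]; then
    audit "$1" "$2"
fi
```

A commented-out `message command' line is not reported, since smbd does not read it.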
4. Location of Fixed Packages
The upgrade packages can be found on Caldera's FTP site at:
ftp://ftp.calderasystems.com/pub/OpenLinux/updates/2.2/current/RPMS/
The corresponding source code package can be found at:
ftp://ftp.calderaystems.com/pub/OpenLinux/updates/2.2/current/SRPMS
5. Installing Fixed Packages
Upgrade the affected packages with the following commands:
rpm -U samba-2.0.5-1.i386.rpm
rpm -U samba-doc-2.0.5-1.i386.rpm
rpm -U swat-2.0.5-1.i386.rpm
rpm -U smbfs-2.0.5-1.i386.rpm
6. Verification
5a8109374b96206d881910a63ab3452e RPMS/samba-2.0.5-1.i386.rpm
08be3cbf69d699c062656bcdbcdeb99a RPMS/samba-doc-2.0.5-1.i386.rpm
780b541013339b01c365feab6ffb8913 RPMS/smbfs-2.0.5-1.i386.rpm
5ce5c81d32ba680e341d665f4b48bf88 RPMS/swat-2.0.5-1.i386.rpm
557b96ea60fd24e98b9b6a5327ced73a SRPMS/samba-2.0.5-1.src.rpm
7. References
This and other Caldera security resources are located at:
http://www.calderasystems.com/news/security/index.html
This security fix closes Caldera's internal Problem Report 4789
8. Disclaimer
Caldera Systems, Inc. is not responsible for the misuse of any of the
information we provide on this website and/or through our security
advisories. Our advisories are a service to our customers intended to
promote secure installation and use of Caldera OpenLinux.
______________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
iQCVAwUBN5clwun+9R4958LpAQFbKwQAp3crjC1PIttojvoApZsEa/rB+eu0Ef+l
pjUjWxJ/KqW7s1u7sW98oQVbkTgq64Wz/lTsrkmBlSk5oK6fUIACe/LBoK4Ko2s9
WtmkO7sTsqrZqr0wuG2uKb+4vbn3/M/7Xv5DEpucPPrzaSknA3vs7mfdl14+z6tV
NelBwYO847w=
=0dZP
-----END PGP SIGNATURE-----