[LWN Logo]
[LWN.net]
From:	 Caldera Support Information 
To:	 announce@lists.caldera.com, bugtraq@securityfocus.com,
	 linux-secuirty@redhat.com, linuxlist@securityportal.com
Subject: Security Advisory: samaba security problems CSSA-2001-015.0
Date:	 Wed, 18 Apr 2001 13:55:22 -0600


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________
		   Caldera Systems, Inc.  Security Advisory

Subject:		samba security problems
Advisory number: 	CSSA-2001-015.0
Issue date: 		2001 April, 17
Cross reference:
______________________________________________________________________________


1. Problem Description

   During our security audits we found several places within
   the Samba server code which could lead to a local attacker
   gaining root access.

   The Samba 2.0.8 release fixes those problems. This security
   advisory incorporates the security relevant parts of Samba 2.0.8
   into our released Samba packages.


2. Vulnerable Versions

   System                       Package
   -----------------------------------------------------------
   OpenLinux 2.3		All packages previous to
   				samba-2.0.5-2

   OpenLinux eServer 2.3.1      All packages previous to
   and OpenLinux eBuilder  	samba-2.0.5-2S

   OpenLinux eDesktop 2.4       All packages previous to
   				samba-2.0.6-3

3. Solution

   Workaround

      none

   The proper solution is to upgrade to the latest packages.

4. OpenLinux 2.3

   4.1 Location of Fixed Packages

       The upgrade packages can be found on Caldera's FTP site at:

       ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/RPMS/

       The corresponding source code package can be found at:

       ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/SRPMS

   4.2 Verification

	b227164a57937abb95ee4987e064b23d  RPMS/samba-2.0.5-2.i386.rpm
	687620f4c6723f4ac0587d2ec400d92c  RPMS/samba-doc-2.0.5-2.i386.rpm
	52ec815c0046a253ec421e077d649864  RPMS/smbfs-2.0.5-2.i386.rpm
	f58ff0e28ef804213a6d59d5a5c27bce  RPMS/swat-2.0.5-2.i386.rpm
	298afd508cca8c55f905e218f4fd071b  SRPMS/samba-2.0.5-2.src.rpm

   4.3 Installing Fixed Packages

       Upgrade the affected packages with the following commands:

          rpm -Fhv *.i386.rpm

5. OpenLinux eServer 2.3.1 and OpenLinux eBuilder for ECential 3.0

   5.1 Location of Fixed Packages

       The upgrade packages can be found on Caldera's FTP site at:

       ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/RPMS/

       The corresponding source code package can be found at:

       ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/SRPMS

   5.2 Verification

	49dbe73aa3f5aac7bab7405eb10bd50b  RPMS/samba-2.0.5-2S.i386.rpm
	ce3f447bf9b578b04ab6613b2a07b5ac  RPMS/samba-doc-2.0.5-2S.i386.rpm
	dd6d36e21807938ac8b85b7111326601  RPMS/smbfs-2.0.5-2S.i386.rpm
	2b77e8589095d4f662833c0e6f4faf8f  RPMS/swat-2.0.5-2S.i386.rpm
	fa498bef6b081d6db0e46954ff9a28a1  SRPMS/samba-2.0.5-2S.src.rpm

   5.3 Installing Fixed Packages

       Upgrade the affected packages with the following commands:

          rpm -Fvh *.i386.rpm

6. OpenLinux eDesktop 2.4

   6.1 Location of Fixed Packages

       The upgrade packages can be found on Caldera's FTP site at:

       ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/RPMS/

       The corresponding source code package can be found at:

       ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/SRPMS

   6.2 Verification

	82bd7ae8bd7bedd2831550819c202ca3  RPMS/samba-2.0.6-3.i386.rpm
	ab5aca9e66917523f6cf006567195acb  RPMS/samba-doc-2.0.6-3.i386.rpm
	638999b35b5ff375c00089bf7f332aeb  RPMS/smbfs-2.0.6-3.i386.rpm
	8f3ef3648ebf3819ca0f48d2d6ab0854  RPMS/swat-2.0.6-3.i386.rpm
	a4da53d89dd78e35b32521d2630d4fdc  SRPMS/samba-2.0.6-3.src.rpm	

   6.3 Installing Fixed Packages

       Upgrade the affected packages with the following commands:

       rpm -Fvh *.i386.rpm

7. References

   This and other Caldera security resources are located at:

   http://www.calderasystems.com/support/security/index.html

   This security fix closes Caldera's internal Problem Report 9736.

8. Disclaimer

   Caldera Systems is not responsible for the misuse of any of the
   information we provide on this website and/or through our security
   advisories. Our advisories are a service to our customers intended to
   promote secure installation and use of Caldera OpenLinux.

9. Acknowledgements:

   Caldera Systems wishes to thank the Samba Team for providing
   a timely fix to the problem.

______________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE63GHq18sy83A/qfwRAna7AJ9lKN5qN5VEk+p5rj3UdYmkgeiGdwCcDtOs
1fWUKAR+8DW03XP1js/evcc=
=WjrL
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: announce-unsubscribe@lists.caldera.com
For additional commands, e-mail: announce-help@lists.caldera.com