
Updated samba packages fix vulnerabilities


mystified

Mandrakesoft Security Advisories

 

Package name: samba

Date: September 13th, 2004

Advisory ID: MDKSA-2004:092

Affected versions: 10.0

Synopsis: Updated samba packages fix multiple vulnerabilities

 

 

Problem Description

 

Two vulnerabilities were discovered in samba 3.0.x; the first is a defect in smbd's ASN.1 parsing that allows an attacker to send a specially crafted packet during the authentication request which will send the newly spawned smbd process into an infinite loop. As a result, it is possible to use up all available memory on the server.

 

The second vulnerability is in nmbd's processing of mailslot packets which could allow an attacker to anonymously crash nmbd.

 

The provided packages are patched to protect against these two vulnerabilities.

 

 

Updated Packages

 

 

Mandrakelinux 10.0

 


 

Mandrakelinux 10.0/AMD64

 


 

References

 

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0807

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0808

 

 

Upgrade

 

 

To upgrade automatically, use MandrakeUpdate.

 

Verification

 

 

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command:

 

rpm --checksig package.rpm

 

 

You can get the GPG public key of the Mandrakelinux Security Team to verify the GPG signature of each RPM.

 

If you use MandrakeUpdate, the verification of md5 chec
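
As an added example (not part of the original advisory or of Mandrakesoft's tooling), the shell function below checks downloaded packages against a manifest with one MD5 sum and one package path per line, then runs the signature check on each file. The function names, the SIGCHECK override and the sample files are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example. Manifest lines: "<md5> <path/to/package.rpm>", one per line.
# SIGCHECK is a hypothetical override for the signature command
# (default: rpm --checksig, the command given in the advisory).

verify_manifest() {   # usage: verify_manifest MANIFEST DOWNLOAD_DIR
    manifest=$1; dir=$2; failed=0
    while read -r want path; do
        [ -n "$want" ] || continue              # skip blank lines
        file="$dir/${path##*/}"                 # manifest paths are relative to the mirror
        if [ ! -f "$file" ]; then
            echo "MISSING $file"; failed=1
        elif [ "$(md5sum < "$file" | cut -d' ' -f1)" != "$want" ]; then
            echo "BAD-MD5 $file"; failed=1
        # An MD5 match only rules out corruption; the GPG signature proves origin.
        elif ! ${SIGCHECK:-rpm --checksig} "$file" >/dev/null 2>&1; then
            echo "BAD-SIG $file"; failed=1      # also reported when rpm is not installed
        else
            echo "OK $file"
        fi
    done < "$manifest"
    return "$failed"                            # 0 only if every entry passed
}

demo() {   # constructed sample data: placeholder files, not real RPMs
    tmp=$(mktemp -d)
    printf 'good payload\n' > "$tmp/pkg-a.rpm"
    printf 'tampered payload\n' > "$tmp/pkg-b.rpm"
    {
        echo "$(md5sum < "$tmp/pkg-a.rpm" | cut -d' ' -f1) 10.0/RPMS/pkg-a.rpm"
        echo "00000000000000000000000000000000 10.0/RPMS/pkg-b.rpm"
        echo "00000000000000000000000000000000 10.0/RPMS/pkg-c.rpm"
    } > "$tmp/manifest"
    # The signature step is stubbed with `true` because the sample files are not RPMs.
    SIGCHECK=true verify_manifest "$tmp/manifest" "$tmp"
    rc=$?
    rm -rf "$tmp"
    return "$rc"
}

demo || echo "demo: failures above are expected for the constructed data"
```

With real downloads, leave SIGCHECK unset so that `rpm --checksig` runs against the imported Mandrakelinux Security Team key.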
