|
|
|
View Notes By
|
|
|
|
Other Documents
|
|
|
|
|
Gentoo Linux Information for VU#298233
| Date Notified: | |
| Date Updated: | |
| Status Summary: | Vulnerable |
Vendor Statement- ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200303-11
- ---------------------------------------------------------------------
PACKAGE : samba
SUMMARY : buffer overrun
DATE : 2003-03-17 09:22 UTC
EXPLOIT : remote
VERSIONS AFFECTED : <2.2.8
FIXED VERSION : >=2.2.8
CVE : CAN-2003-0085 CAN-2003-0086
- ---------------------------------------------------------------------
From advisory:
"The SuSE security audit team, in particular Sebastian Krahmer
<krahmer at suse.de>, has found a flaw in the Samba main smbd code which
could allow an external attacker to remotely and anonymously gain
Super User (root) privileges on a server running a Samba server."
"A buffer overrun condition exists in the SMB/CIFS packet fragment
re-assembly code in smbd which would allow an attacker to cause smbd
to overwrite arbitrary areas of memory in its own process address
space. This could allow a skilled attacker to inject binary specific
exploit code into smbd."
Read the full advisory at:
http://lists.samba.org/pipermail/samba-announce/2003-March/000063.html
SOLUTION
It is recommended that all Gentoo Linux users who are running
net-fs/samba upgrade to samba-2.2.8 as follows:
emerge sync
emerge samba
emerge clean
- ---------------------------------------------------------------------
aliz@gentoo.org - GnuPG key is available at http://cvs.gentoo.org/~aliz
- ---------------------------------------------------------------------
Vendor InformationThe vendor has not provided us with any further information regarding this vulnerability.
AddendumThe CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us
email.
|
 |
