The OpenPKG Project Information for VU#958321

Samba contains a remotely exploitable stack buffer overflow



Vendor Statement

Hash: SHA1


OpenPKG Security Advisory                            The OpenPKG Project                   
OpenPKG-SA-2002.012                                          29-Nov-2002

Package:             samba
Vulnerability:       code execution, root exploit
OpenPKG Specific:    no

Dependent Packages:  none

Affected Releases:   Affected Packages:       Corrected Packages:
OpenPKG 1.0          <= samba-2.2.2-1.0.0     >= samba-2.2.2-1.0.1
OpenPKG 1.1          <= samba-2.2.5-1.1.0     >= samba-2.2.5-1.1.1
OpenPKG CURRENT      <= samba-2.2.6-20021017  >= samba-2.2.7-20021120

 A vulnerability in Samba [0] versions 2.2.2 through 2.2.6 was
 discovered by the Debian Samba maintainers [1]. A bug in the
 length checking for encrypted password change requests from clients
 could be exploited using a buffer overrun attack on the smbd(8)
 stack. This attack would have to be crafted in such a way that
 converting a DOS codepage string to little endian UCS2 unicode
 would translate into an executable block of code.

  Check whether you are affected by running "<prefix>/bin/rpm -q
 samba". If you have an affected version of the samba package (see
 above), please upgrade it according to the solution below.

 Update existing packages to newly patched versions of Samba. Select the
 updated source RPM appropriate for your OpenPKG release [2][3][4], and
 fetch it from the OpenPKG FTP service or a mirror location. Verify its
 integrity [5], build a corresponding binary RPM from it and update your
 OpenPKG installation by applying the binary RPM [6]. For the latest
 OpenPKG 1.1 release, perform the following operations to permanently fix
 the security problem (for other releases adjust accordingly).

  $ ftp
 ftp> bin
 ftp> cd release/1.1/UPD
 ftp> get samba-2.2.5-1.1.1.src.rpm
 ftp> bye
 $ <prefix>/bin/rpm -v --checksig samba-2.2.5-1.1.1.src.rpm
 $ <prefix>/bin/rpm --rebuild samba-2.2.5-1.1.1.src.rpm
 $ su -
 # <prefix>/bin/rpm -Fvh <prefix>/RPM/PKG/samba-2.2.5-1.1.1.*.rpm
 # <prefix>/etc/rc samba stop start


For security reasons, this advisory was digitally signed with
the OpenPGP public key "OpenPKG <>" (ID 63C4CB9F)
of the OpenPKG project which you can find under the official URL or on To
check the integrity of this advisory, verify its digital signature by
using GnuPG ( For example, pipe this message to
the command "gpg --verify --keyserver".

Comment: OpenPKG <>


Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References



The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.