The Slackware Linux Project: Slackware Security Advisories

Slackware Security Advisories

News

Security Advisories

FAQ
Book
General Info
Get Slack
Install Help
Configuration
Packages
ChangeLogs
Propaganda
Ports
Other Sites
Support
Contact
Mailing Lists

About

From: Slackware Security Team <security@slackware.com>
To: slackware-security@slackware.com
Subject: [slackware-security] Samba security problem fixed
Date: Mon, 7 Apr 2003 15:50:22 -0700 (PDT)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  Samba security problem fixed

The samba packages in Slackware 8.1 and 9.0 have been upgraded to
Samba 2.2.8a to fix a security problem.

All sites running samba should upgrade.  


Here are the details from the Slackware 9.0 ChangeLog:
+--------------------------+
Mon Apr  7 14:26:53 PDT 2003
patches/packages/samba-2.2.8a-i386-1.tgz:  Upgraded to samba-2.2.8a.
  From the samba-2.2.8a WHATSNEW.txt:

            ****************************************
            * IMPORTANT: Security bugfix for Samba *
            ****************************************

  Digital Defense, Inc. has alerted the Samba Team to a serious
  vulnerability in all stable versions of Samba currently shipping.
  The Common Vulnerabilities and Exposures (CVE) project has assigned
  the ID CAN-2003-0201 to this defect.

  This vulnerability, if exploited correctly, leads to an anonymous
  user gaining root access on a Samba serving system. All versions
  of Samba up to and including Samba 2.2.8 are vulnerable. An active
  exploit of the bug has been reported in the wild. Alpha versions of
  Samba 3.0 and above are *NOT* vulnerable.

(* Security fix *)
+--------------------------+

More information may be found in the Samba 2.2.8a release notes.



WHERE TO FIND THE NEW PACKAGES:
+-----------------------------+

Updated Samba package for Slackware 8.1:
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/samba-2.2.8a-i386-1.tgz

Updated Samba package for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/samba-2.2.8a-i386-1.tgz



MD5 SIGNATURES:
+-------------+

Here are the md5sums for the packages:

Slackware 8.1 package:
875ef129196f56d71c833911f3156cd5  samba-2.2.8a-i386-1.tgz

Slackware 9.0 package:
d1d2b689b79a1a8dfc0ee34fd390e72c  samba-2.2.8a-i386-1.tgz



INSTALLATION INSTRUCTIONS:
+------------------------+

As root, stop the samba server:

. /etc/rc.d/rc.samba stop

Next, upgrade the samba package(s) with upgradepkg:

upgradepkg samba-2.2.8a-i386-1.tgz

Finally, start samba again:

. /etc/rc.d/rc.samba start



+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

+------------------------------------------------------------------------+
| HOW TO REMOVE YOURSELF FROM THIS MAILING LIST:                         |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message:                                                     |
|                                                                        |
|   unsubscribe slackware-security                                       |
|                                                                        |
| You will get a confirmation message back.  Follow the instructions to  |
| complete the unsubscription.  Do not reply to this message to          |
| unsubscribe!                                                           |
+------------------------------------------------------------------------+

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+kfZlakRjwEAQIjMRAunYAJwO7tAYu+nT6eK3pl/QUFDRNJK5RACfb27W
sky8+QhsZnx0/Jezsuk0EwY=
=BAYr
-----END PGP SIGNATURE-----

Slackware™ is a trademark of Patrick Volkerding.