Gentoo Archives: gentoo-announce

From: Daniel Ahlberg <aliz@g.o>
To: gentoo-announce@g.o
Subject: GLSA: samba (200304-02)
Date: Wed, 09 Apr 2003 15:30:50
Message-Id: 20030409084409.4028E339CA@mail1.tamperd.net
1 -----BEGIN PGP SIGNED MESSAGE-----
2 Hash: SHA1
3
4 - - ---------------------------------------------------------------------
5 GENTOO LINUX SECURITY ANNOUNCEMENT 200304-02
6 - - ---------------------------------------------------------------------
7
8 PACKAGE : samba
9 SUMMARY : Buffer overflow
10 DATE : 2003-04-09 08:44 UTC
11 EXPLOIT : remote
12 VERSIONS AFFECTED : <2.2.8a
13 FIXED VERSION : >=2.2.8a
14 CVE : CAN-2003-0201
15
16 - - ---------------------------------------------------------------------
17
18 - From advisory:
19
20 "An anonymous user can gain remote root access due to a buffer overflow caused
21 by a StrnCpy() into a char array (fname) using a non-constant length
22 (namelen)."
23
24 Read the full advisory at:
25 http://marc.theaimsgroup.com/?l=bugtraq&m=104972664226781&w=2
26
27 SOLUTION
28
29 It is recommended that all Gentoo Linux users who are running
30 net-fs/samba upgrade to samba-2.2.8a as follows:
31
32 emerge sync
33 emerge samba
34 emerge clean
35
36 - - ---------------------------------------------------------------------
37 aliz@g.o - GnuPG key is available at http://cvs.gentoo.org/~aliz
38 - - ---------------------------------------------------------------------
39 -----BEGIN PGP SIGNATURE-----
40 Version: GnuPG v1.2.1 (GNU/Linux)
41
42 iD8DBQE+k91YfT7nyhUpoZMRAtowAKDAgOYrqeXDRilQkDN/SBXJegJ6RgCgsSRV
43 ni8x1vst4U3vttassFEdpfA=
44 =wFgE
45 -----END PGP SIGNATURE-----