[gentoo-commits] gentoo commit in xml/htdocs/security/en/glsa: glsa-200711-29.xml - gentoo-commits

From:	"Pierre-Yves Rofes (py)" <py@g.o>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] gentoo commit in xml/htdocs/security/en/glsa: glsa-200711-29.xml
Date:	Tue, 20 Nov 2007 21:15:30
Message-Id:	`E1IuaRJ-0007OZ-2C@stork.gentoo.org`

1

py          07/11/20 21:15:25

2

3

  Added:                glsa-200711-29.xml

4

  Log:

5

  GLSA 200711-29

6

7

Revision  Changes    Path

8

1.1                  xml/htdocs/security/en/glsa/glsa-200711-29.xml

9

10

file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/security/en/glsa/glsa-200711-29.xml?rev=1.1&view=markup

11

plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/security/en/glsa/glsa-200711-29.xml?rev=1.1&content-type=text/plain

12

13

Index: glsa-200711-29.xml

14

===================================================================

15

<?xml version="1.0" encoding="utf-8"?>

16

<?xml-stylesheet href="/xsl/glsa.xsl" type="text/xsl"?>

17

<?xml-stylesheet href="/xsl/guide.xsl" type="text/xsl"?>

18

<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">

19

20

<glsa id="200711-29">

21

  <title>Samba: Execution of arbitrary code</title>

22

  <synopsis>

23

    Samba contains two buffer overflow vulnerabilities potentially resulting in

24

    the execution of arbitrary code, one of which is currently unfixed.

25

  </synopsis>

26

  <product type="ebuild">samba</product>

27

  <announced>November 20, 2007</announced>

28

  <revised>November 20, 2007: 01</revised>

29

  <bug>197519</bug>

30

  <access>remote</access>

31

  <affected>

32

    <package name="net-fs/samba" auto="yes" arch="*">

33

      <unaffected range="ge">3.0.26a-r2</unaffected>

34

      <vulnerable range="lt">3.0.26a-r2</vulnerable>

35

    </package>

36

  </affected>

37

  <background>

38

<p>

39

    Samba is a suite of SMB and CIFS client/server programs for UNIX.

40

    </p>

41

  </background>

42

  <description>

43

<p>

44

    Two vulnerabilities have been reported in nmbd. Alin Rad Pop (Secunia

45

    Research) discovered a boundary checking error in the

46

    reply_netbios_packet() function which could lead to a stack-based

47

    buffer overflow (CVE-2007-5398). The Samba developers discovered a

48

    boundary error when processing GETDC logon requests also leading to a

49

    buffer overflow (CVE-2007-4572).

50

    </p>

51

  </description>

52

  <impact type="high">

53

<p>

54

    To exploit the first vulnerability a remote unauthenticated attacker

55

    could send specially crafted WINS "Name Registration" requests followed

56

    by a WINS "Name Query" request. This might lead to execution of

57

    arbitrary code with elevated privileges. Note that this vulnerability

58

    is exploitable only when WINS server support is enabled in Samba. The

59

    second vulnerability could be exploited by sending specially crafted

60

    "GETDC" mailslot requests, but requires Samba to be configured as a

61

    Primary or Backup Domain Controller. It is not believed the be

62

    exploitable to execute arbitrary code.

63

    </p>

64

  </impact>

65

  <workaround>

66

<p>

67

    To work around the first vulnerability, disable WINS support in Samba

68

    by setting "<i>wins support = no</i>" in the "global" section of your

69

    smb.conf and restart Samba.

70

    </p>

71

  </workaround>

72

  <resolution>

73

<p>

74

    The Samba 3.0.27 ebuild that resolves both vulnerabilities is currently

75

    masked due to a regression in the patch for the second vulnerability.

76

    </p>

77

<p>

78

    Since no working patch exists yet, all Samba users should upgrade to

79

    3.0.26a-r2, which contains a fix for the first vulnerability

80

    (CVE-2007-5398):

81

    </p>

82

    <code>

83

    # emerge --sync

84

    # emerge --ask --oneshot --verbose &quot;&gt;=net-fs/samba-3.0.26a-r2&quot;</code>

85

<p>

86

    An update to this temporary GLSA will be sent when the second

87

    vulnerability will be fixed.

88

    </p>

89

  </resolution>

90

  <references>

91

    <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4572">CVE-2007-4572</uri>

92

    <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5398">CVE-2007-5398</uri>

93

  </references>

94

  <metadata tag="submitter" timestamp="Sat, 03 Nov 2007 23:37:14 +0000">

95

rbu

96

  </metadata>

97

  <metadata tag="bugReady" timestamp="Tue, 20 Nov 2007 21:13:02 +0000">

98

p-y

99

  </metadata>

100

</glsa>

--

105

gentoo-commits@g.o mailing list

1	py 07/11/20 21:15:25
2
3	Added: glsa-200711-29.xml
4	Log:
5	GLSA 200711-29
6
7	Revision Changes Path
8	1.1 xml/htdocs/security/en/glsa/glsa-200711-29.xml
9
10	file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/security/en/glsa/glsa-200711-29.xml?rev=1.1&view=markup
11	plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/security/en/glsa/glsa-200711-29.xml?rev=1.1&content-type=text/plain
12
13	Index: glsa-200711-29.xml
14	===================================================================
15	<?xml version="1.0" encoding="utf-8"?>
16	<?xml-stylesheet href="/xsl/glsa.xsl" type="text/xsl"?>
17	<?xml-stylesheet href="/xsl/guide.xsl" type="text/xsl"?>
18	<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
19
20	<glsa id="200711-29">
21	<title>Samba: Execution of arbitrary code</title>
22	<synopsis>
23	Samba contains two buffer overflow vulnerabilities potentially resulting in
24	the execution of arbitrary code, one of which is currently unfixed.
25	</synopsis>
26	<product type="ebuild">samba</product>
27	<announced>November 20, 2007</announced>
28	<revised>November 20, 2007: 01</revised>
29	<bug>197519</bug>
30	<access>remote</access>
31	<affected>
32	<package name="net-fs/samba" auto="yes" arch="*">
33	<unaffected range="ge">3.0.26a-r2</unaffected>
34	<vulnerable range="lt">3.0.26a-r2</vulnerable>
35	</package>
36	</affected>
37	<background>
38	<p>
39	Samba is a suite of SMB and CIFS client/server programs for UNIX.
40	</p>
41	</background>
42	<description>
43	<p>
44	Two vulnerabilities have been reported in nmbd. Alin Rad Pop (Secunia
45	Research) discovered a boundary checking error in the
46	reply_netbios_packet() function which could lead to a stack-based
47	buffer overflow (CVE-2007-5398). The Samba developers discovered a
48	boundary error when processing GETDC logon requests also leading to a
49	buffer overflow (CVE-2007-4572).
50	</p>
51	</description>
52	<impact type="high">
53	<p>
54	To exploit the first vulnerability a remote unauthenticated attacker
55	could send specially crafted WINS "Name Registration" requests followed
56	by a WINS "Name Query" request. This might lead to execution of
57	arbitrary code with elevated privileges. Note that this vulnerability
58	is exploitable only when WINS server support is enabled in Samba. The
59	second vulnerability could be exploited by sending specially crafted
60	"GETDC" mailslot requests, but requires Samba to be configured as a
61	Primary or Backup Domain Controller. It is not believed the be
62	exploitable to execute arbitrary code.
63	</p>
64	</impact>
65	<workaround>
66	<p>
67	To work around the first vulnerability, disable WINS support in Samba
68	by setting "<i>wins support = no</i>" in the "global" section of your
69	smb.conf and restart Samba.
70	</p>
71	</workaround>
72	<resolution>
73	<p>
74	The Samba 3.0.27 ebuild that resolves both vulnerabilities is currently
75	masked due to a regression in the patch for the second vulnerability.
76	</p>
77	<p>
78	Since no working patch exists yet, all Samba users should upgrade to
79	3.0.26a-r2, which contains a fix for the first vulnerability
80	(CVE-2007-5398):
81	</p>
82	<code>
83	# emerge --sync
84	# emerge --ask --oneshot --verbose ">=net-fs/samba-3.0.26a-r2"</code>
85	<p>
86	An update to this temporary GLSA will be sent when the second
87	vulnerability will be fixed.
88	</p>
89	</resolution>
90	<references>
91	<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4572">CVE-2007-4572</uri>
92	<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5398">CVE-2007-5398</uri>
93	</references>
94	<metadata tag="submitter" timestamp="Sat, 03 Nov 2007 23:37:14 +0000">
95	rbu
96	</metadata>
97	<metadata tag="bugReady" timestamp="Tue, 20 Nov 2007 21:13:02 +0000">
98	p-y
99	</metadata>
100	</glsa>
101
102
103
104	--
105	gentoo-commits@g.o mailing list

Gentoo Archives: gentoo-commits