'[ MDVSA-2010:141 ] samba'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bugtraq
Subject:    [ MDVSA-2010:141 ] samba
From:       security () mandriva ! com
Date:       2010-07-27 16:43:00
Message-ID: E1OdnF6-0005ZU-KH () titan ! mandriva ! com
[Download RAW message or body]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2010:141
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : samba
 Date    : July 27, 2010
 Affected: 2010.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities has been discovered and corrected in samba:
 
 The chain_reply function in process.c in smbd in Samba before 3.4.8 and
 3.5.x before 3.5.2 allows remote attackers to cause a denial of service
 (NULL pointer dereference and process crash) via a Negotiate Protocol
 request with a certain 0x0003 field value followed by a Session Setup
 AndX request with a certain 0x8003 field value (CVE-2010-1635).
 
 The reply_sesssetup_and_X_spnego function in sesssetup.c in smbd in
 Samba before 3.4.8 and 3.5.x before 3.5.2 allows remote attackers to
 trigger an out-of-bounds read, and cause a denial of service (process
 crash), via a \xff\xff security blob length in a Session Setup AndX
 request (CVE-2010-1642).
 
 The updated packages provides samba 3.4.8 which is not vulnerable to
 these issues.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1635
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1642
 http://samba.org/samba/history/samba-3.4.8.html
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2010.0:
 7448da14d3cd38e46ef194ce171215c4  2010.0/i586/libnetapi0-3.4.8-0.1mdv2010.0.i586.rpm
 06c3fc5e7c685893a18fc6f4d8a2922a  \
2010.0/i586/libnetapi-devel-3.4.8-0.1mdv2010.0.i586.rpm  \
68ab1439a074c1f8d4662d9ee5799076  \
2010.0/i586/libsmbclient0-3.4.8-0.1mdv2010.0.i586.rpm  \
a10ab609798c947213f372c19b325dd5  \
2010.0/i586/libsmbclient0-devel-3.4.8-0.1mdv2010.0.i586.rpm  \
009d6e6bd9f84f9cee5b07930425b955  \
2010.0/i586/libsmbclient0-static-devel-3.4.8-0.1mdv2010.0.i586.rpm  \
0e1188b9bae8a6cfee48a6a1e09551f1  \
2010.0/i586/libsmbsharemodes0-3.4.8-0.1mdv2010.0.i586.rpm  \
309d86578c162b1df920f63f8c557b43  \
2010.0/i586/libsmbsharemodes-devel-3.4.8-0.1mdv2010.0.i586.rpm  \
ba544bd939276b14d73b3b2101b754dc  \
2010.0/i586/libwbclient0-3.4.8-0.1mdv2010.0.i586.rpm  \
d2441a3fbabd411a0b10dc3de9e0b1ab  \
2010.0/i586/libwbclient-devel-3.4.8-0.1mdv2010.0.i586.rpm  \
ed856faed4546f7984a5b97fd56e8a1c  2010.0/i586/mount-cifs-3.4.8-0.1mdv2010.0.i586.rpm  \
81983af0fd7c6d5ac2eaba11ff56039e  2010.0/i586/nss_wins-3.4.8-0.1mdv2010.0.i586.rpm  \
d9e710c53bd905be68601fd3f72e1624  \
2010.0/i586/samba-client-3.4.8-0.1mdv2010.0.i586.rpm  \
99097a7153e6694bd94d078c31de0cb4  \
2010.0/i586/samba-common-3.4.8-0.1mdv2010.0.i586.rpm  \
dfa4a8a6ed149ca3cf1aa5af62b517fe  2010.0/i586/samba-doc-3.4.8-0.1mdv2010.0.i586.rpm  \
77d65fb7fed8dad1f23863df8e90d810  \
2010.0/i586/samba-server-3.4.8-0.1mdv2010.0.i586.rpm  \
dd3e5136d2e9955c15273eafe0a68285  2010.0/i586/samba-swat-3.4.8-0.1mdv2010.0.i586.rpm  \
b77cad772f69755e270076bc9bce9e85  \
2010.0/i586/samba-winbind-3.4.8-0.1mdv2010.0.i586.rpm   \
108c4366915b69a5d16cf9e550c1a07c  2010.0/SRPMS/samba-3.4.8-0.1mdv2010.0.src.rpm

 Mandriva Linux 2010.0/X86_64:
 dc3ea8121670006d7f6cf03e55bc6847  \
2010.0/x86_64/lib64netapi0-3.4.8-0.1mdv2010.0.x86_64.rpm  \
667c0a292b645a34e0ef69f868b50c1e  \
2010.0/x86_64/lib64netapi-devel-3.4.8-0.1mdv2010.0.x86_64.rpm  \
86867f07f941e401d729da99db8999c7  \
2010.0/x86_64/lib64smbclient0-3.4.8-0.1mdv2010.0.x86_64.rpm  \
4bf349bed200e12b58a7b770bb380a4d  \
2010.0/x86_64/lib64smbclient0-devel-3.4.8-0.1mdv2010.0.x86_64.rpm  \
166403ad036554045969d15c5d7930ce  \
2010.0/x86_64/lib64smbclient0-static-devel-3.4.8-0.1mdv2010.0.x86_64.rpm  \
a27c18efe52f8bd84e3c9fe0397330f5  \
2010.0/x86_64/lib64smbsharemodes0-3.4.8-0.1mdv2010.0.x86_64.rpm  \
321fb245fffeaf5eb51a2374a98d82aa  \
2010.0/x86_64/lib64smbsharemodes-devel-3.4.8-0.1mdv2010.0.x86_64.rpm  \
5c2e728292c68ba9e2792243884aec1e  \
2010.0/x86_64/lib64wbclient0-3.4.8-0.1mdv2010.0.x86_64.rpm  \
2592b742d650311a8e41c424108fea35  \
2010.0/x86_64/lib64wbclient-devel-3.4.8-0.1mdv2010.0.x86_64.rpm  \
24aba98967dc4d1344761042c3f690b8  \
2010.0/x86_64/mount-cifs-3.4.8-0.1mdv2010.0.x86_64.rpm  \
6ee9b8449e0f3098c97ee3375b4ac1fa  \
2010.0/x86_64/nss_wins-3.4.8-0.1mdv2010.0.x86_64.rpm  \
8d965d364efd1811663942e994177613  \
2010.0/x86_64/samba-client-3.4.8-0.1mdv2010.0.x86_64.rpm  \
7b12626da40ff3a0d99af999b4025031  \
2010.0/x86_64/samba-common-3.4.8-0.1mdv2010.0.x86_64.rpm  \
d85b87de309397eaef937367f692a162  \
2010.0/x86_64/samba-doc-3.4.8-0.1mdv2010.0.x86_64.rpm  \
2072d71d0788f78ae0fbaee6c8d6ffcb  \
2010.0/x86_64/samba-server-3.4.8-0.1mdv2010.0.x86_64.rpm  \
88efc944e7a50f88c461fc8396680a71  \
2010.0/x86_64/samba-swat-3.4.8-0.1mdv2010.0.x86_64.rpm  \
e1cdabf9142b48ec1d4573162d48cdf1  \
2010.0/x86_64/samba-winbind-3.4.8-0.1mdv2010.0.x86_64.rpm   \
108c4366915b69a5d16cf9e550c1a07c  2010.0/SRPMS/samba-3.4.8-0.1mdv2010.0.src.rpm  \
_______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFMTuDAmqjQ0CJFipgRAq+cAKCGuYjBRT4imHhGvLBBoECfH1aeMACfS8Ds
WGQC7SJBb9VtWWkuTKJenpQ=
=U4M8
-----END PGP SIGNATURE-----


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic