November 16, 2004 18:00 GMT
[REVISED 20 Dec 2004]
[REVISED 24 Jun 2005]
| PROBLEM: | A buffer overflow in handling Unicode filenames and a problem with input validation routines were discovered in Samba. Samba provides file and printer sharing services to SMB/CIFS clients. |
| PLATFORM: | Samba 3.0.x <= 3.0.7; Red Hat Desktop (v. 3); Red Hat Enterprise Linux AS, ES, WS (v.2.1 and v.3); Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor; SGI - Samba 3.0.7 |
| DAMAGE: | An authenticated remote attacker can send a specially crafted request for a specially crafted filename containing unicode characters to trigger a buffer overflow. Also, a bug in the input validation routines used to match filename strings containing wildcard characters may allow the user to consume more than normal amounts of CPU cycles. |
| SOLUTION: | Install the security patch. |
| VULNERABILITY ASSESSMENT: | The risk is MEDIUM. A remote authenticated attacker may be able to execute arbitrary code and/or cause a denial of service. |
| LINKS: | |
| CIAC BULLETIN: | http://www.ciac.org/ciac/bulletins/p-038.shtml |
| ORIGINAL BULLETIN: | https://rhn.redhat.com/errata/RHSA-2004-632.html |
| ADDITIONAL LINKS: | SGI Advisory 2004-12-01-01-P: http://www.sgi.com/support/security/advisories.html ; Sun Alert ID 101783: http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-26-101783-1 |
| CVE/CAN: | http://www.cve.mitre.org/cgi-bin/cvename.cgi?name= CAN-2004-0882, CAN-2004-0930 |
REVISION HISTORY:
12/20/2004 - added link information to SGI Advisory 2004-12-01-01-P announcing
fixes released for these Samba Vulnerabilities.
06/24/2005 - added link to Sun Alert ID 101783.
[***** Start Red Hat Security Advisory RHSA-2004:632-17 *****]
Updated samba packages fix security issues
Advisory: RHSA-2004:632-17
Last updated on: 2004-11-16
Affected Products: Red Hat Desktop (v. 3)
Red Hat Enterprise Linux AS (v. 2.1)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux ES (v. 2.1)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux WS (v. 2.1)
Red Hat Enterprise Linux WS (v. 3)
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
CVEs (cve.mitre.org): CAN-2004-0882
CAN-2004-0930
Security Advisory
Details:
Updated samba packages that fix various security vulnerabilities are now
available.
Samba provides file and printer sharing services to SMB/CIFS clients.
During a code audit, Stefan Esser discovered a buffer overflow in Samba
versions prior to 3.0.8 when handling unicode filenames. An authenticated
remote user could exploit this bug which may lead to arbitrary code
execution on the server. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-0882 to this issue. Red Hat
believes that the Exec-Shield technology (enabled by default since Update
3) will block attempts to remotely exploit this vulnerability on x86
architectures.
Additionally, a bug was found in the input validation routines in versions
of Samba prior to 3.0.8 that caused the smbd process to consume abnormal
amounts of system memory. An authenticated remote user could exploit this
bug to cause a denial of service. The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CAN-2004-0930 to this issue.
Users of Samba should upgrade to these updated packages, which contain
backported security patches, and are not vulnerable to these issues.
Updated packages:
Red Hat Desktop (v. 3)
--------------------------------------------------------------------------------
AMD64:
samba-3.0.7-1.3E.1.x86_64.rpm 440a9ae7f707066f28f66b127f1b564c
samba-client-3.0.7-1.3E.1.x86_64.rpm fffa29e5873d2c188b34a720c8e73929
samba-common-3.0.7-1.3E.1.x86_64.rpm 26543f2db62357e8a9aebdbf1acf3274
samba-swat-3.0.7-1.3E.1.x86_64.rpm a699adf4b14ee22dea0d6a4d84e66f24
SRPMS:
samba-3.0.7-1.3E.1.src.rpm 122c0bb27aac341fc37156dc94fc522e
i386:
samba-3.0.7-1.3E.1.i386.rpm 0a6450f412492dff6b01562de975708d
samba-client-3.0.7-1.3E.1.i386.rpm bfbacd051ca80500a34991d3dc9ca3ce
samba-common-3.0.7-1.3E.1.i386.rpm 370cf89a18b670160f51608041812c24
samba-swat-3.0.7-1.3E.1.i386.rpm f89375430ce2785a01cc4586d9689f5a
Red Hat Enterprise Linux AS (v. 2.1)
--------------------------------------------------------------------------------
SRPMS:
samba-2.2.12-1.21as.1.src.rpm e1220dc76372c90c46faa649cbba1ee6
i386:
samba-2.2.12-1.21as.1.i386.rpm 6f81c1ecf8b0b0355ce70502e9a85326
samba-client-2.2.12-1.21as.1.i386.rpm 350ef1e72e4743b0be11603ee1f42cca
samba-common-2.2.12-1.21as.1.i386.rpm ac6ae17ef6870ebbabd4817f1f90fcd9
samba-swat-2.2.12-1.21as.1.i386.rpm 9988653768e2c954a9ccbe73ff67ed75
ia64:
samba-2.2.12-1.21as.1.ia64.rpm a96f03101ea7bd41d886fa95bf9f4308
samba-client-2.2.12-1.21as.1.ia64.rpm 2a4452ec646410dccdd0c23e53203b69
samba-common-2.2.12-1.21as.1.ia64.rpm 31daf4320431b9ff26e51d63e58785f0
samba-swat-2.2.12-1.21as.1.ia64.rpm 06a17eba99c63289a22ea54e6ade8b64
Red Hat Enterprise Linux AS (v. 3)
--------------------------------------------------------------------------------
AMD64:
samba-3.0.7-1.3E.1.x86_64.rpm 440a9ae7f707066f28f66b127f1b564c
samba-client-3.0.7-1.3E.1.x86_64.rpm fffa29e5873d2c188b34a720c8e73929
samba-common-3.0.7-1.3E.1.x86_64.rpm 26543f2db62357e8a9aebdbf1acf3274
samba-swat-3.0.7-1.3E.1.x86_64.rpm a699adf4b14ee22dea0d6a4d84e66f24
SRPMS:
samba-3.0.7-1.3E.1.src.rpm 122c0bb27aac341fc37156dc94fc522e
i386:
samba-3.0.7-1.3E.1.i386.rpm 0a6450f412492dff6b01562de975708d
samba-client-3.0.7-1.3E.1.i386.rpm bfbacd051ca80500a34991d3dc9ca3ce
samba-common-3.0.7-1.3E.1.i386.rpm 370cf89a18b670160f51608041812c24
samba-swat-3.0.7-1.3E.1.i386.rpm f89375430ce2785a01cc4586d9689f5a
ia64:
samba-3.0.7-1.3E.1.ia64.rpm e733b35d09659e19a1afcf10ab1ab7dc
samba-client-3.0.7-1.3E.1.ia64.rpm c02426d44e8bbdf625c6baa3b63f7f6c
samba-common-3.0.7-1.3E.1.ia64.rpm 0a37cd8c24c6f69bb1df0aab93467670
samba-swat-3.0.7-1.3E.1.ia64.rpm bf2bfb26e2bb0ccd7c66841214465655
ppc:
samba-3.0.7-1.3E.1.ppc.rpm 0c2696dce74d906545781ecdeca858c7
samba-client-3.0.7-1.3E.1.ppc.rpm 585752b05ad3796f7fa614c06aed33c6
samba-common-3.0.7-1.3E.1.ppc.rpm f75539c9db2405597957edf1b219a158
samba-swat-3.0.7-1.3E.1.ppc.rpm 2318bcd405d8a884e437d905a31b2fc1
ppc64:
samba-3.0.7-1.3E.1.ppc64.rpm e52f8991a6c1e6acb03a567f988019d7
s390:
samba-3.0.7-1.3E.1.s390.rpm 9da990f973c4b9cdf5c2ba67e571492f
samba-client-3.0.7-1.3E.1.s390.rpm 6c5535ee6419de2597e90d4b67651342
samba-common-3.0.7-1.3E.1.s390.rpm 58560ac1022642fcde78b34d9b765bd0
samba-swat-3.0.7-1.3E.1.s390.rpm 70c2f0e373c3f3364420d413524bf18c
s390x:
samba-3.0.7-1.3E.1.s390x.rpm a2d13a8f4ca6eefaa52cf69abb23223c
samba-client-3.0.7-1.3E.1.s390x.rpm b0390f7081498b6f9a3570c3362de11f
samba-common-3.0.7-1.3E.1.s390x.rpm 23da9fd92b3c59c1e318a2a701494785
samba-swat-3.0.7-1.3E.1.s390x.rpm 802db132f4ec3fe57a42884c1f20c487
Red Hat Enterprise Linux ES (v. 2.1)
--------------------------------------------------------------------------------
SRPMS:
samba-2.2.12-1.21as.1.src.rpm e1220dc76372c90c46faa649cbba1ee6
i386:
samba-2.2.12-1.21as.1.i386.rpm 6f81c1ecf8b0b0355ce70502e9a85326
samba-client-2.2.12-1.21as.1.i386.rpm 350ef1e72e4743b0be11603ee1f42cca
samba-common-2.2.12-1.21as.1.i386.rpm ac6ae17ef6870ebbabd4817f1f90fcd9
samba-swat-2.2.12-1.21as.1.i386.rpm 9988653768e2c954a9ccbe73ff67ed75
Red Hat Enterprise Linux ES (v. 3)
--------------------------------------------------------------------------------
AMD64:
samba-3.0.7-1.3E.1.x86_64.rpm 440a9ae7f707066f28f66b127f1b564c
samba-client-3.0.7-1.3E.1.x86_64.rpm fffa29e5873d2c188b34a720c8e73929
samba-common-3.0.7-1.3E.1.x86_64.rpm 26543f2db62357e8a9aebdbf1acf3274
samba-swat-3.0.7-1.3E.1.x86_64.rpm a699adf4b14ee22dea0d6a4d84e66f24
SRPMS:
samba-3.0.7-1.3E.1.src.rpm 122c0bb27aac341fc37156dc94fc522e
i386:
samba-3.0.7-1.3E.1.i386.rpm 0a6450f412492dff6b01562de975708d
samba-client-3.0.7-1.3E.1.i386.rpm bfbacd051ca80500a34991d3dc9ca3ce
samba-common-3.0.7-1.3E.1.i386.rpm 370cf89a18b670160f51608041812c24
samba-swat-3.0.7-1.3E.1.i386.rpm f89375430ce2785a01cc4586d9689f5a
ia64:
samba-3.0.7-1.3E.1.ia64.rpm e733b35d09659e19a1afcf10ab1ab7dc
samba-client-3.0.7-1.3E.1.ia64.rpm c02426d44e8bbdf625c6baa3b63f7f6c
samba-common-3.0.7-1.3E.1.ia64.rpm 0a37cd8c24c6f69bb1df0aab93467670
samba-swat-3.0.7-1.3E.1.ia64.rpm bf2bfb26e2bb0ccd7c66841214465655
Red Hat Enterprise Linux WS (v. 2.1)
--------------------------------------------------------------------------------
SRPMS:
samba-2.2.12-1.21as.1.src.rpm e1220dc76372c90c46faa649cbba1ee6
i386:
samba-2.2.12-1.21as.1.i386.rpm 6f81c1ecf8b0b0355ce70502e9a85326
samba-client-2.2.12-1.21as.1.i386.rpm 350ef1e72e4743b0be11603ee1f42cca
samba-common-2.2.12-1.21as.1.i386.rpm ac6ae17ef6870ebbabd4817f1f90fcd9
samba-swat-2.2.12-1.21as.1.i386.rpm 9988653768e2c954a9ccbe73ff67ed75
Red Hat Enterprise Linux WS (v. 3)
--------------------------------------------------------------------------------
AMD64:
samba-3.0.7-1.3E.1.x86_64.rpm 440a9ae7f707066f28f66b127f1b564c
samba-client-3.0.7-1.3E.1.x86_64.rpm fffa29e5873d2c188b34a720c8e73929
samba-common-3.0.7-1.3E.1.x86_64.rpm 26543f2db62357e8a9aebdbf1acf3274
samba-swat-3.0.7-1.3E.1.x86_64.rpm a699adf4b14ee22dea0d6a4d84e66f24
SRPMS:
samba-3.0.7-1.3E.1.src.rpm 122c0bb27aac341fc37156dc94fc522e
i386:
samba-3.0.7-1.3E.1.i386.rpm 0a6450f412492dff6b01562de975708d
samba-client-3.0.7-1.3E.1.i386.rpm bfbacd051ca80500a34991d3dc9ca3ce
samba-common-3.0.7-1.3E.1.i386.rpm 370cf89a18b670160f51608041812c24
samba-swat-3.0.7-1.3E.1.i386.rpm f89375430ce2785a01cc4586d9689f5a
ia64:
samba-3.0.7-1.3E.1.ia64.rpm e733b35d09659e19a1afcf10ab1ab7dc
samba-client-3.0.7-1.3E.1.ia64.rpm c02426d44e8bbdf625c6baa3b63f7f6c
samba-common-3.0.7-1.3E.1.ia64.rpm 0a37cd8c24c6f69bb1df0aab93467670
samba-swat-3.0.7-1.3E.1.ia64.rpm bf2bfb26e2bb0ccd7c66841214465655
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
--------------------------------------------------------------------------------
SRPMS:
samba-2.2.12-1.21as.1.src.rpm e1220dc76372c90c46faa649cbba1ee6
ia64:
samba-2.2.12-1.21as.1.ia64.rpm a96f03101ea7bd41d886fa95bf9f4308
samba-client-2.2.12-1.21as.1.ia64.rpm 2a4452ec646410dccdd0c23e53203b69
samba-common-2.2.12-1.21as.1.ia64.rpm 31daf4320431b9ff26e51d63e58785f0
samba-swat-2.2.12-1.21as.1.ia64.rpm 06a17eba99c63289a22ea54e6ade8b64
(The unlinked packages above are only available from the Red Hat Network)
Solution
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:
up2date
For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:
http://www.redhat.com/docs/manuals/enterprise/
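To confirm the update took effect, the installed Samba builds can be compared with the fixed builds listed under "Updated packages". The script below is an added example, not part of the Red Hat advisory; the function names are hypothetical, GNU `sort -V` is assumed as a stand-in for RPM's own version ordering, and the sample package names are constructed.

```shell
#!/bin/sh
# Added example: compare installed samba builds with the fixed builds in RHSA-2004:632.
FIXED_V3="3.0.7-1.3E.1"      # v. 3 products, from "Updated packages"
FIXED_V21="2.2.12-1.21as.1"  # v. 2.1 products, from "Updated packages"

# ver_lt A B: true when A sorts strictly before B.
# Assumption: GNU `sort -V` stands in for RPM's own version comparison.
ver_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# check_pkg NAME-VERSION-RELEASE: print a verdict; return 0 ok, 1 vulnerable, 2 unknown.
check_pkg() {
    nvr=$1
    release=${nvr##*-}; rest=${nvr%-*}
    version=${rest##*-}; name=${rest%-*}
    # Assumption: the Samba major version identifies the product stream.
    case "$version" in
        3.*) fixed=$FIXED_V3 ;;
        2.*) fixed=$FIXED_V21 ;;
        *)   echo "UNKNOWN $nvr"; return 2 ;;
    esac
    if ver_lt "$version-$release" "$fixed"; then
        echo "VULNERABLE $name $version-$release (fixed in $fixed)"
        return 1
    fi
    echo "OK $name $version-$release"
}

# Constructed sample input. On a real host, feed the loop from:
#   rpm -q --qf '%{NAME}-%{VERSION}-%{RELEASE}\n' samba samba-client samba-common samba-swat
while read -r pkg; do
    check_pkg "$pkg" || true
done <<'EOF'
samba-3.0.6-2.3E
samba-client-3.0.7-1.3E.1
samba-common-2.2.7-1.21as
EOF
```

Any line reported as VULNERABLE means the corresponding package still predates the backported fixes for CAN-2004-0882 and CAN-2004-0930.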
Bugs fixed: (see bugzilla for more information)
134640 - CAN-2004-0882 unicode parsing overflow
138325 - CAN-2004-0930 wildcard remote DoS
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0882
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0930
http://www.samba.org/samba/history/samba-3.0.9.html
http://www.redhat.com/f/pdf/rhel/WHP0006US_Execshield.pdf
[***** End Red Hat Security Advisory RHSA-2004:632-17 *****]
Voice: +1 866-941-2472 (7 x 24)
E-mail: doecirc@doecirc.energy.gov
World Wide Web: http://www.doecirc.energy.gov/