
[Full-disclosure] [ MDVSA-2009:196 ] samba




 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2009:196
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : samba
 Date    : August 7, 2009
 Affected: 2009.0, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities have been found and corrected in samba:
 
 Multiple format string vulnerabilities in client/client.c in smbclient
 in Samba 3.2.0 through 3.2.12 might allow context-dependent attackers
 to execute arbitrary code via format string specifiers in a filename
 (CVE-2009-1886).
 
 The acl_group_override function in smbd/posix_acls.c in smbd in Samba
 3.0.x before 3.0.35, 3.1.x and 3.2.x before 3.2.13, and 3.3.x before
 3.3.6, when dos filemode is enabled, allows remote attackers to modify
 access control lists for files via vectors related to read access to
 uninitialized memory (CVE-2009-1888).
 
 This update provides samba 3.2.13 to address these issues.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1886
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1888
 _______________________________________________________________________

 Updated Packages:

 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
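
The affected version ranges given in the Problem Description above can be turned into a triage check for an inventory of Samba version strings. This is an added example, not part of the Mandriva advisory; the function names and the sample version strings are assumptions made for illustration.

```python
import re

# Affected upstream ranges as stated in MDVSA-2009:196.
# Each entry: (major.minor series, first fixed release in that series or None).
AFFECTED = {
    # smbclient format strings: Samba 3.2.0 through 3.2.12
    "CVE-2009-1886": [((3, 2), (3, 2, 13))],
    # acl_group_override: only reachable when "dos filemode" is enabled
    "CVE-2009-1888": [
        ((3, 0), (3, 0, 35)),   # 3.0.x before 3.0.35
        ((3, 1), None),         # 3.1.x: the advisory names no fixed 3.1 release
        ((3, 2), (3, 2, 13)),   # 3.2.x before 3.2.13
        ((3, 3), (3, 3, 6)),    # 3.3.x before 3.3.6
    ],
}


def parse_version(text):
    """Extract the first x.y.z triple, ignoring packaging suffixes."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no x.y.z version found in {text!r}")
    return tuple(int(part) for part in m.groups())


def affected_cves(version_text):
    """Return the CVEs from this advisory whose range covers the version.

    Caveat: this compares upstream version numbers only. A distribution
    package can carry a backported fix under an older upstream version,
    so a hit is a prompt to check the vendor changelog, not a verdict.
    """
    version = parse_version(version_text)
    hits = []
    for cve, ranges in AFFECTED.items():
        for series, fixed in ranges:
            if version[:2] == series and (fixed is None or version < fixed):
                hits.append(cve)
                break
    return sorted(hits)


if __name__ == "__main__":
    # Constructed sample inventory, not taken from any real host.
    for sample in ["3.2.12", "3.2.13-0.2mdv2009.0", "3.0.34", "3.3.6"]:
        print(sample, affected_cves(sample) or "not in an affected range")
```
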