Your message dated Wed, 27 Apr 2005 03:48:44 -0700
with message-id <[EMAIL PROTECTED]>
and subject line Integer overflow could lead to remote code execution in Samba
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 17 Dec 2004 00:08:34 +0000
From: Ulf Theobald <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: samba: Integer overflow could lead to remote code execution in Samba
X-Mailer: reportbug 3.2
Date: Fri, 17 Dec 2004 01:08:02 +0100

Package: samba
Severity: critical
Tags: security
Justification: root security hole


===========
Description
===========

Remote exploitation of an integer overflow vulnerability
in the smbd daemon included in Samba 2.0.x, Samba 2.2.x,
and Samba 3.0.x prior to and including 3.0.9 could
allow an attacker to cause controllable heap corruption,
leading to execution of arbitrary commands with root
privileges.

Successful remote exploitation allows an attacker to
gain root privileges on a vulnerable system. In order
to exploit this vulnerability an attacker must possess
credentials that allow access to a share on the Samba server.
Unsuccessful exploitation attempts will cause the process
serving the request to crash with signal 11, and may leave
evidence of an attack in logs.


==================
Patch Availability
==================

A patch for Samba 3.0.9 (samba-3.0.9-CAN-2004-1154.patch)
can be downloaded from

    http://www.samba.org/samba/ftp/patches/security/

    The patch has been signed with the "Samba Distribution
    Verification Key" (ID F17F9772).
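
Added example, not part of the original bug report or the Samba advisory: the report notes that failed attempts crash the serving process with signal 11 and may leave traces in logs, so this sketch scans smbd log text for such crashes and ties each one back to the authenticated session that owned the crashed pid. The log line layout and the sample data are constructed assumptions, not output from a real server.

```python
import re
from collections import Counter

# Constructed sample in the style of an smbd log (not from the page). The
# "INTERNAL ERROR: Signal N in pid P" wording and the connect-line layout
# are assumptions; adjust the patterns to what your smbd version writes.
SAMPLE_LOG = """\
[2004/12/17 01:02:11, 1] smbd/service.c:make_connection_snum(648)
  client7 (192.0.2.15) connect to service projects initially as user alice (uid=1001, gid=1001) (pid 4211)
[2004/12/17 01:02:13, 0] lib/fault.c:fault_report(37)
  INTERNAL ERROR: Signal 11 in pid 4211 (3.0.9)
[2004/12/17 01:02:20, 1] smbd/service.c:make_connection_snum(648)
  client7 (192.0.2.15) connect to service projects initially as user alice (uid=1001, gid=1001) (pid 4230)
[2004/12/17 01:02:21, 0] lib/fault.c:fault_report(37)
  INTERNAL ERROR: Signal 11 in pid 4230 (3.0.9)
[2004/12/17 01:05:40, 1] smbd/service.c:make_connection_snum(648)
  desk3 (192.0.2.40) connect to service home initially as user bob (uid=1002, gid=1002) (pid 4300)
[2004/12/17 01:09:02, 0] lib/fault.c:fault_report(37)
  INTERNAL ERROR: Signal 6 in pid 4300 (3.0.9)
"""

HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d), *\d+\]")
CONNECT = re.compile(r"^\s+\S+ \((\S+)\) connect to service (\S+) "
                     r"initially as user (\S+) .*\(pid (\d+)\)")
CRASH = re.compile(r"INTERNAL ERROR: Signal (\d+) in pid (\d+)")
UNKNOWN = {"ip": "unknown", "share": "unknown", "user": "unknown"}

def find_segv_crashes(log_text):
    """Return one record per signal-11 crash, joined to the session that owned the pid."""
    sessions, crashes, stamp = {}, [], None
    for line in log_text.splitlines():
        if (m := HEADER.match(line)):
            stamp = m.group(1)            # timestamp applies to the lines that follow
        elif (m := CONNECT.match(line)):
            ip, share, user, pid = m.groups()
            sessions[pid] = {"ip": ip, "share": share, "user": user}
        elif (m := CRASH.search(line)) and m.group(1) == "11":
            owner = sessions.get(m.group(2), UNKNOWN)
            crashes.append({"time": stamp, "pid": m.group(2), **owner})
    return crashes

def repeated_crashers(crashes, threshold=2):
    """Group crashes by (client IP, user); repeats from one account deserve a closer look."""
    counts = Counter((c["ip"], c["user"]) for c in crashes)
    return {key: n for key, n in counts.items() if n >= threshold}

if __name__ == "__main__":
    found = find_segv_crashes(SAMPLE_LOG)
    for crash in found:
        print(crash)
    print(repeated_crashers(found))
```

Because exploitation requires valid credentials for a share, the user and client address attached to each crash are the useful pivot for follow-up.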

---------------------------------------
Received: (at 286023-done) by bugs.debian.org; 27 Apr 2005 10:48:58 +0000
Date: Wed, 27 Apr 2005 03:48:44 -0700
From: Steve Langasek <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: Integer overflow could lead to remote code execution in Samba

CAN-2004-1154 was fixed by the security team in the upload of 2.2.3a-14.2 to
security.debian.org, and the subsequent 2.2.3a-15 version available from
proposed-updates should definitively fix the problem and be included in the
next woody point release.

Thanks,
-- 
Steve Langasek
postmodern programmer
