OpenPKG CVS Repository
http://cvs.openpkg.org/
____________________________________________________________________________
Server: cvs.openpkg.org Name: Ralf S. Engelschall
Root: /e/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src Date: 29-Nov-2002 11:03:14
Branch: OPENPKG_1_1_SOLID Handle: 2002112910031400
Added files: (Branch: OPENPKG_1_1_SOLID)
openpkg-src/samba samba.patch
Modified files: (Branch: OPENPKG_1_1_SOLID)
openpkg-src/samba samba.spec
Log:
switch back to 2.2.5 with just the security patch
Summary:
Revision Changes Path
1.1.2.1 +62 -0 openpkg-src/samba/samba.patch
1.25.2.3 +4 -1 openpkg-src/samba/samba.spec
____________________________________________________________________________
Index: openpkg-src/samba/samba.patch
============================================================
$ cvs update -p -r1.1.2.1 samba.patch
IMPORTANT: Security bugfix for Samba
------------------------------------
Summary
-------
A security hole has been discovered in versions 2.2.2 through 2.2.6
of Samba that could potentially allow an attacker to gain root access
on the target machine. The word "potentially" is used because there
is no known exploit of this bug, and the Samba Team has not been able to
craft one ourselves. However, the seriousness of the problem warrants
this immediate 2.2.7 release.
In addition to addressing this security issue, Samba 2.2.7 also includes
thirteen unrelated improvements. These improvements result from our
process of continuous quality assurance and code review, and are part of
the Samba team's commitment to excellence.
Details
-------
There was a bug in the length checking for encrypted password change
requests from clients. A client could potentially send an encrypted
password, which, when decrypted with the old hashed password could be
used as a buffer overrun attack on the stack of smbd. The attach would
have to be crafted such that converting a DOS codepage string to little
endian UCS2 unicode would translate into an executable block of code.
All versions of Samba between 2.2.2 to 2.2.6 inclusive are vulnerable
to this problem. This version of Samba 2.2.7 contains a fix for this
problem.
Earlier versions of Samba are not vulnerable.
There is no known exploit or exploit code for this vulnerability,
it was discovered by a code audit by Debian Samba maintainers.
Credit
------
Thanks to Steve Langasek and Eloy Paris
for bringing this vulnerability to our notice.
Patch for Samba versions 2.2.2 to 2.2.6
---------------------------------------
The following patch applies cleanly to the above Samba versions
and will fix the vulnerability for sites that do not wish to upgrade
to 2.2.7 at this time.
--- libsmb/smbencrypt.c.orig Tue Nov 19 17:21:57 2002
+++ libsmb/smbencrypt.c Tue Nov 19 17:22:12 2002
@@ -63,7 +63,7 @@
if(len > 128)
len = 128;
/* Password must be converted to NT unicode - null terminated. */
- dos_struni2((char *)wpwd, (const char *)passwd, 256);
+ dos_struni2((char *)wpwd, (const char *)passwd, len);
/* Calculate length in bytes */
len = strlen_w((const smb_ucs2_t *)wpwd) * sizeof(int16);
Index: openpkg-src/samba/samba.spec
============================================================
$ cvs diff -u -r1.25.2.2 -r1.25.2.3 samba.spec
--- openpkg-src/samba/samba.spec 28 Nov 2002 16:36:21 -0000 1.25.2.2
+++ openpkg-src/samba/samba.spec 29 Nov 2002 10:03:14 -0000 1.25.2.3
@@ -37,7 +37,7 @@
Distribution: OpenPKG [BASE]
Group: Filesystem
License: GPL
-Version: 2.2.7
+Version: 2.2.5
Release: 1.1.1
# list of sources
@@ -45,6 +45,7 @@
Source1: smb.conf
Source2: smb.hosts
Source3: rc.samba
+Patch0: samba.patch
# build information
Prefix: %{l_prefix}
@@ -64,6 +65,8 @@
%prep
%setup -q
+ cd source
+ %patch -p0
%build
( cd source
______________________________________________________________________
The OpenPKG Project www.openpkg.org
CVS Repository Commit List [EMAIL PROTECTED]
