Author: jerry Date: 2007-11-15 14:05:56 +0000 (Thu, 15 Nov 2007) New Revision: 1150
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba-web&rev=1150 Log: Samba 3.0.27 release announcement details Added: trunk/history/samba-3.0.27.html trunk/security/CVE-2007-4572.html trunk/security/CVE-2007-5398.html Modified: trunk/header_columns.html trunk/history/header_history.html trunk/history/security.html trunk/index.html Changeset: Modified: trunk/header_columns.html =================================================================== --- trunk/header_columns.html 2007-09-29 04:26:39 UTC (rev 1149) +++ trunk/header_columns.html 2007-11-15 14:05:56 UTC (rev 1150) @@ -130,9 +130,9 @@ <div class="releases"> <h4>Current Stable Release</h4> <ul> - <li><a href="/samba/ftp/stable/samba-3.0.26a.tar.gz">Samba 3.0.26a (gzipped)</a></li> - <li><a href="/samba/history/samba-3.0.26a.html">Release Notes</a></li> - <li><a href="/samba/ftp/stable/samba-3.0.26a.tar.asc">Signature</a></li> + <li><a href="/samba/ftp/stable/samba-3.0.27.tar.gz">Samba 3.0.27 (gzipped)</a></li> + <li><a href="/samba/history/samba-3.0.27.html">Release Notes</a></li> + <li><a href="/samba/ftp/stable/samba-3.0.27.tar.asc">Signature</a></li> </ul> <h4>Historical</h4> Modified: trunk/history/header_history.html =================================================================== --- trunk/history/header_history.html 2007-09-29 04:26:39 UTC (rev 1149) +++ trunk/history/header_history.html 2007-11-15 14:05:56 UTC (rev 1150) @@ -77,6 +77,10 @@ <div class="notes"> <h6>Release Notes</h6> <ul> + <li><a href="samba-3.0.27.html">samba-3.0.27</a></li> + <li><a href="samba-3.0.26a.html">samba-3.0.26a</a></li> + <li><a href="samba-3.0.26.html">samba-3.0.26</a></li> + <li><a href="samba-3.0.25c.html">samba-3.0.25c</a></li> <li><a href="samba-3.0.25b.html">samba-3.0.25b</a></li> <li><a href="samba-3.0.25a.html">samba-3.0.25a</a></li> <li><a href="samba-3.0.25.html">samba-3.0.25</a></li> Added: trunk/history/samba-3.0.27.html =================================================================== --- trunk/history/samba-3.0.27.html 2007-09-29 04:26:39 UTC (rev 1149) +++ trunk/history/samba-3.0.27.html 2007-11-15 14:05:56 UTC (rev 1150) @@ -0,0 +1,54 @@ +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" + "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> +<html xmlns="http://www.w3.org/1999/xhtml"> + +<head> +<title>Samba - Release Notes Archive</title> +</head> + +<body> + + <H2>Samba 3.0.27 Available for Download</H2> + +<p> +<pre> + ============================== + Release Notes for Samba 3.0.27 + Nov 15, 2007 + ============================== + +Samba 3.0.27 is a security release in order to address the following +defects: + + o CVS-2007-4572 + Stack buffer overflow in nmbd's logon request processing. + + o CVE-2007-5398 + Remote code execution in Samba's WINS server daemon (nmbd) + when processing name registration followed name query requests. + +The original security announcement for this and past advisories can +be found http://www.samba.org/samba/security/ + +###################################################################### +Changes +####### + +Changes since 3.0.26a +--------------------- + +o Jeremy Allison <[EMAIL PROTECTED]> + * Fix for CVS-2007-4572. + * Fix for CVE-2007-5398. + + +o Simo Sorce <[EMAIL PROTECTED]> + * Additional fixes for CVS-2007-4572. +</pre> + +<p>Please refer to the original <a href="/samba/history/samba-3.0.26a.html">Samba +3.0.26a Release Notes</a> for more details regarding changes in +previous releases.</p> +</body> +</html> + Property changes on: trunk/history/samba-3.0.27.html ___________________________________________________________________ Name: svn:executable + * Modified: trunk/history/security.html =================================================================== --- trunk/history/security.html 2007-09-29 04:26:39 UTC (rev 1149) +++ trunk/history/security.html 2007-11-15 14:05:56 UTC (rev 1150) @@ -22,6 +22,24 @@ </tr> <tr> + <td>15 Nov 2007</td> + <td><a href="/samba/ftp/patches/security/samba-3.0.26a-CVE-2007-5398.patch">patch for Samba 3.0.26a</a></td> + <td>Remote Code Execution in Samba's nmbd</td> + <td>Samba 3.0.0 - 3.0.26a</td> + <td><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4398">CVE-2007-5398</a></td> + <td><a href="/samba/security/CVE-2007-5398.html">Announcement</a></td> + </tr> + + <tr> + <td>15 Nov 2007</td> + <td><a href="/samba/ftp/patches/security/samba-3.0.26a-CVE-2007-4572.patch">patch for Samba 3.0.26a</a></td> + <td>GETDC mailslot processing buffer overrun in nmbd</td> + <td>Samba 3.0.0 - 3.0.26a</td> + <td><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4138">CVE-2007-4572</a></td> + <td><a href="/samba/security/CVE-2007-4572.html">Announcement</a></td> + </tr> + + <tr> <td>11 Sep 2007</td> <td><a href="/samba/ftp/patches/security/samba-3.0.25-CVE-2007-4138.patch">patch for Samba 3.0.25</a></td> <td>Incorrect primary group assignment for users using the rfc2307 or sfu nss info plugin.</td> Modified: trunk/index.html =================================================================== --- trunk/index.html 2007-09-29 04:26:39 UTC (rev 1149) +++ trunk/index.html 2007-11-15 14:05:56 UTC (rev 1150) @@ -19,51 +19,26 @@ <h2>Current Release</h2> - <h4><a name="latest">28 Sep 2007</a></h4> - <p class="headline">Samba 3.2.0pre1 Available for Download</p> + <h4><a name="latest">15 Nov 2007</a></h4> + <p class="headline">Samba 3.0.27 Available for Download</p> - <p>The first preview release of Samba 3.2.0 is now available for - testing. This release is <em>not</em> intended for production - servers. An overview of the included changes are described in - the <a href="/samba/ftp/pre/WHATSNEW-3-2-0pre1.txt">Release - Notes</a>. Please report any defects via the Samba bug reporting - system at the <a href="https://bugzilla.samba.org/">Samba - Bugzilla System</a>.</p> + <p>Samba 3.0.27 is a security release to + address <a href="/samba/security/CVE-2007-4572.html">CVE-2007-4572</a> + and <a href="/samba/security/CVE-2007-5398.html">CVE-2007-5398</a>.</p> - <p>Be aware that Samba is now distributed under the version - 3 of the new GNU General Public License. The - <a href="http://news.samba.org/announcements/samba_gplv3/">original - announcement</a> can be read online.</p> - - <p>The <a href="/samba/ftp/pre/">Samba 3.2.0pre1</a> source code - can be downloaded now. If you prefer, the <a href="/samba/ftp/pre/">patch - files against previous releases</a> are also available for download. + <p>The <a href="/samba/ftp/stable/samba-3.0.27.tar.gz">Samba 3.0.27</a> source code + (<a href="/samba/ftp/stable/samba-3.0.27.tar.asc">GPG + signature</a>) can be downloaded now. If you prefer, the + <a href="/samba/ftp/patches/patch-3.0.26a-3.0.27.diffs.gz">patch + file against previous releases</a> + (<a href="/samba/ftp/patches/patch-3.0.26a-3.0.27.diffs.asc">GPG + signature</a>) is also available for download. Please read these <a href="/samba/download/">instructions on how to verify the gpg signature</a>. Precompiled packages will be made available on a volunteer basis and can be found in the <a href="/samba/ftp/Binary_Packages/">Binary_Packages download area</a>.</p> - <h4><a name="latest">11 Sep 2007</a></h4> - <p class="headline">Samba 3.0.26 and Samba 3.0.26a Available for Download</p> - <p>Samba 3.0.26 and Samba 3.0.26a are now available for download. - Samba 3.0.26 is a security release to address <a href="/samba/security/CVE-2007-4138.html">CVE-2007-4138</a>. - Samba 3.0.26a is the latest bug fix release for the Samba 3.0.26 - code base and is the version that servers should run for all - current Samba 3.0 bug fixes. Please review the <a - href="/samba/history/samba-3.0.26a.html">Release Notes</a> for a - complete of list of changes.</p> - - <p>The <a href="/samba/ftp/stable/samba-3.0.26.tar.gz">Samba 3.0.26</a> - and <a href="/samba/ftp/samba-3.0.26a.tar.gz">Samba 3.0.26a</a> - source code can be downloaded now. - If you prefer, the <a href="/samba/ftp/patches/">patch - files against previous releases</a> are also available for download. - Please read these <a href="/samba/download/">instructions on - how to verify the gpg signature</a>. Precompiled packages will - be made available on a volunteer basis and can be found in the - <a href="/samba/ftp/Binary_Packages/">Binary_Packages download area</a>.</p> - <h4>4 September 2007</h4> <p class="headline">Samba 4.0.0 alpha1 Available for Download</p> Added: trunk/security/CVE-2007-4572.html =================================================================== --- trunk/security/CVE-2007-4572.html 2007-09-29 04:26:39 UTC (rev 1149) +++ trunk/security/CVE-2007-4572.html 2007-11-15 14:05:56 UTC (rev 1150) @@ -0,0 +1,85 @@ +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" + "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> +<html xmlns="http://www.w3.org/1999/xhtml"> + +<head> +<title>Samba - Security Announcement Archive</title> +</head> + +<body> + + <H2>CVE-2007-5398 - Remote Code Execution in Samba's nmbd</H2> + +<p> +<pre> +========================================================== +== +== Subject: Remote code execution in Samba's WINS +== server daemon (nmbd) when processing name +== registration followed name query requests. +== +== CVE ID#: CVE-2007-5398 +== +== Versions: Samba 3.0.0 - 3.0.26a (inclusive) +== +== Summary: When nmbd has been configured as a WINS +== server, a client can send a series of name +== registration request followed by a specific +== name query request packet and execute +== arbitrary code. +== +========================================================== + +=========== +Description +=========== + +Secunia Research reported a vulnerability that allows for +the execution of arbitrary code in nmbd. This defect may +only be exploited when the "wins support" parameter has +been enabled in smb.conf. + + +================== +Patch Availability +================== + +A patch addressing this defect has been posted to + + http://www.samba.org/samba/security/ + +Additionally, Samba 3.0.27 has been issued as a security +release to correct the defect. + + +========== +Workaround +========== + +Samba administrators may avoid this security issue by +disabling the "wins support" feature in the hosts smb.conf +file. + + +======= +Credits +======= + +This vulnerability was reported to Samba developers by +Alin Rad Pop, Secunia Research. + +The time line is as follows: + +* Oct 30, 2007: Initial report to [EMAIL PROTECTED] +* Oct 30, 2007: First response from Samba developers confirming + the bug along with a proposed patch. +* Nov 15, 2007: Public security advisory to be made available. + + +========================================================== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +========================================================== +</pre> +</body> +</html> Added: trunk/security/CVE-2007-5398.html =================================================================== --- trunk/security/CVE-2007-5398.html 2007-09-29 04:26:39 UTC (rev 1149) +++ trunk/security/CVE-2007-5398.html 2007-11-15 14:05:56 UTC (rev 1150) @@ -0,0 +1,88 @@ +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" + "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> +<html xmlns="http://www.w3.org/1999/xhtml"> + +<head> +<title>Samba - Security Announcement Archive</title> +</head> + +<body> + + <H2>CVE-2007-4572 - GETDC mailslot processing buffer overrun in nmbd</H2> + + +<p> +<pre> +========================================================== +== +== Subject: Stack buffer overflow in nmbd's logon +== request processing. +== +== CVE ID#: CVE-2007-4572 +== +== Versions: Samba 3.0.0 - 3.0.26a (inclusive) +== +== Summary: Processing of specially crafted GETDC +== mailslot requests can result in a buffer +== overrun in nmbd. It is not believed that +== that this issues can be exploited to +== result in remote code execution. +== +========================================================== + +=========== +Description +=========== + +Samba developers have discovered what is believed to be +a non-exploitable buffer over in nmbd during the processing +of GETDC logon server requests. This code is only used +when the Samba server is configured as a Primary or Backup +Domain Controller. + + +================== +Patch Availability +================== + +A patch addressing this defect has been posted to + + http://www.samba.org/samba/security/ + +Additionally, Samba 3.0.27 has been issued as a security +release to correct the defect. + + +========== +Workaround +========== + +Samba administrators may avoid this security issue by disabling +both the "domain logons" and the "domain master" options in in +the server's smb.conf file. Note that this will disable all +domain controller features as well. + + +======= +Credits +======= + +This vulnerability was discovered by Samba developers during +an internal code audit. + +The time line is as follows: + +* Sep 13, 2007: Initial report to [EMAIL PROTECTED] including + proposed patch. +* Sep 14, 2007: Patch review by members of the Josh Bressers + (RedHat Security Team) and Simo Sorce (Samba/RedHat developer) +* Nov 15, 2007: Public security advisory made available. + + +========================================================== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +========================================================== +</pre> +</body> +</html>