Re: samba security -- more info?
> Dear Folks, If you know about the samba security problem, could you please
> send me as soon as possible a pointer to more information, or to the
> (source) patch or fix?

The fixed package is in bo-updates, on a (recent) mirror near you.

-- 
joost witteveen, [EMAIL PROTECTED]
#!/usr/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)
#what's this? see http://www.dcs.ex.ac.uk/~aba/rsa/

-- 
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
Re: samba security -- more info?
Just don't expect to find and update your samba package with dselect. :-(
Use dpkg instead.

On Tue, 30 Sep 1997, joost witteveen wrote:

> > Dear Folks, If you know about the samba security problem, could you
> > please send me as soon as possible a pointer to more information, or to
> > the (source) patch or fix?
>
> The fixed package is in bo-updates, on a (recent) mirror near you.
Re: samba security -- more info?
> Just don't expect to find and update your samba package with dselect. :-(
> Use dpkg instead.

True. But I'll never think of saying that, as I never use dselect anyway. I
nearly always use dpkg (unless I really want to upgrade my whole system to
unstable, then dselect is useful, but otherwise, I just use dpkg -i).

-- 
joost witteveen, [EMAIL PROTECTED]
Re: samba security -- more info?
Thank you. Actually, I'm wondering if you could point me to the *source*
fixes for samba (assuming it is not just a Debian security problem), since
the information is to be passed on to a non-Debian sysadmin.

John
Re: samba security -- more info?
> Thank you. Actually, I'm wondering if you could point me to the *source*
> fixes for samba (assuming it is not just a Debian security problem), since
> the information is to be passed on to a non-Debian sysadmin.

Well, I didn't look that far into it. Yes, you are right, it isn't a Debian
problem, and it was fixed by the samba team. All I can do is send you the
announcement made by (I presume) the Samba team to bugtraq. It will give
you the location of the sourcefile where they say they fixed the problem.
Maybe on the ftp site they mention they also still have the newest version
without the bugfix, and then you'll be able to diff the two samba
sourcefiles. Sorry, but I cannot do anything more.

Date: Sat, 27 Sep 1997 00:07:19 +1000
Sender: Bugtraq List [EMAIL PROTECTED]
From: Andrew Tridgell [EMAIL PROTECTED]
Subject: Security bugfix for Samba
To: [EMAIL PROTECTED]

Security bugfix for Samba
-------------------------

A security hole in all versions of Samba has been recently discovered. The
security hole allows unauthorized remote users to obtain root access on the
Samba server.

An exploit for this security hole has been posted to the internet so system
administrators should assume that this hole is being actively exploited.

The exploit for the security hole is very architecture specific and has
been only demonstrated to work for Samba servers running on Intel based
platforms. The exploit posted to the internet is specific to Intel Linux
servers. It would be very difficult to produce an exploit for other
architectures but it may be possible.

A new release of Samba has now been made that fixes the security hole. The
new release is version 1.9.17p2 and is available from
ftp://samba.anu.edu.au/pub/samba/samba-1.9.17p2.tar.gz

This release also adds a routine which logs a message if anyone attempts to
take advantage of the security hole. The message (in the Samba log files)
will look like this:

  ERROR: Invalid password length 999
  you're machine may be under attack by a user exploiting an old bug
  Attack was from IP=aaa.bbb.ccc.ddd

where aaa.bbb.ccc.ddd is the IP address of the machine performing the
attack.

The Samba Team
[EMAIL PROTECTED]

-- 
joost witteveen, [EMAIL PROTECTED]
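The announcement above says every release before 1.9.17p2 is affected, so the first thing a sysadmin with several Samba hosts wants is a way to tell which ones still need the update. The following is an added example for this thread, not code from Samba or from anyone posting here: it parses Samba 1.9-era version strings of the form major.minor.patch with an optional pN suffix (as in 1.9.16p11 or 1.9.17p2; the format is an assumption based on the version named in the announcement) into tuples and compares them against 1.9.17p2. The inventory at the bottom is constructed, with hypothetical host names. Comparing the strings directly gets the suffix wrong ("1.9.16p11" sorts before "1.9.16p2"), which is why the version is parsed first.

```python
import re

# Release that closed the hole, per the Samba announcement quoted above.
FIXED = (1, 9, 17, 2)

# Samba 1.9-era version strings: major.minor.patch with an optional 'pN'
# patch-level suffix, e.g. "1.9.16p11", "1.9.17", "1.9.17p2". (Assumed format.)
_VER_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:p(\d+))?$")


def parse_samba_version(text):
    """Turn a version string into a comparable (major, minor, patch, plevel) tuple.

    A missing 'pN' suffix counts as plevel 0, so "1.9.17" < "1.9.17p2".
    Raises ValueError on anything that does not look like a Samba version.
    """
    m = _VER_RE.match(text.strip())
    if not m:
        raise ValueError("unrecognised Samba version string: %r" % text)
    major, minor, patch, plevel = m.groups()
    return (int(major), int(minor), int(patch), int(plevel or 0))


def is_vulnerable(version_text):
    """True when the version predates 1.9.17p2; the announcement says every
    earlier release is affected."""
    return parse_samba_version(version_text) < FIXED


def hosts_needing_update(inventory):
    """Given {host: version string}, return the hosts still running an
    affected release, sorted by name. Hosts whose version cannot be parsed
    are listed too: a host you cannot read should not be silently skipped."""
    needs = []
    for host, version in inventory.items():
        try:
            if is_vulnerable(version):
                needs.append(host)
        except ValueError:
            needs.append(host)
    return sorted(needs)


if __name__ == "__main__":
    # Constructed inventory: hypothetical host names and versions.
    inventory = {
        "fileserver": "1.9.17p1",
        "devbox": "1.9.16p11",
        "printhost": "1.9.17p2",
        "oldbox": "unknown",
    }
    for host in hosts_needing_update(inventory):
        print("update needed:", host, inventory[host])
```

Feed it whatever your inventory tool reports for each host; an entry that does not parse is deliberately reported alongside the vulnerable ones rather than dropped.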
Re: samba security -- more info?
On Tue, 30 Sep 1997, John M. Rulnick wrote:

> Thank you. Actually, I'm wondering if you could point me to the *source*
> fixes for samba (assuming it is not just a Debian security problem), since
> the information is to be passed on to a non-Debian sysadmin.

Here is the original announcement:

From: Andrew Tridgell [EMAIL PROTECTED]
Newsgroups: comp.os.linux.announce
Subject: SECURITY: Security bugfix for Samba
Followup-To: comp.os.linux.misc
Date: Fri, 26 Sep 1997 21:58:32 GMT
Approved: [EMAIL PROTECTED] (Lars Wirzenius)
Message-ID: [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Old-Date: Fri, 26 Sep 1997 23:40:47 +1000
X-Auth: PGPMoose V1.1 PGP comp.os.linux.announce
        iQBVAwUBNCwwFDiesvPHtqnBAQGqGgIAkwndoh2YjjAiVOCDs7bTdnPC0qmTk//L
        XtLkOqIRjHWZoohH3uA4jaKr3gz//42hFcFF/JyYef4OHx8HFn5bvg==
        =BLDy

-----BEGIN PGP SIGNED MESSAGE-----

Security bugfix for Samba
-------------------------

A security hole in all versions of Samba has been recently discovered. The
security hole allows unauthorized remote users to obtain root access on the
Samba server.

An exploit for this security hole has been posted to the internet so system
administrators should assume that this hole is being actively exploited.

The exploit for the security hole is very architecture specific and has
been only demonstrated to work for Samba servers running on Intel based
platforms. The exploit posted to the internet is specific to Intel Linux
servers. It would be very difficult to produce an exploit for other
architectures but it may be possible.

A new release of Samba has now been made that fixes the security hole. The
new release is version 1.9.17p2 and is available from
ftp://samba.anu.edu.au/pub/samba/samba-1.9.17p2.tar.gz

This release also adds a routine which logs a message if anyone attempts to
take advantage of the security hole. The message (in the Samba log files)
will look like this:

  ERROR: Invalid password length 999
  you're machine may be under attack by a user exploiting an old bug
  Attack was from IP=aaa.bbb.ccc.ddd

where aaa.bbb.ccc.ddd is the IP address of the machine performing the
attack.

Please report any attacks to the appropriate authority.

The Samba Team
[EMAIL PROTECTED]

- -- 
This article has been digitally signed by the moderator, using PGP.
http://www.iki.fi/liw/lars-public-key.asc has PGP key for validating signature.
Send submissions for comp.os.linux.announce to: [EMAIL PROTECTED]
PLEASE remember a short description of the software and the LOCATION.
This group is archived at http://www.iki.fi/liw/linux/cola.html

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

iQCVAwUBNCwwD4QRll5MupLRAQF8TQQA2m+9WqUAVg/BAvc+Flfdjp0EpHUS++Ia
wDj3LAkQeyexR7fTncvYevIgXCa7B4ZjA6SlH3pEe3UBV9sH+uAjXg2fIzt5YVvb
fFbVnUwLCTFBxCt8sCjTV7QvLLpcO8fP2dWWFGpErY6y/v2boQM5t+JWCI4Ecy0e
YIitrcRv5zk=
=rcqW
-----END PGP SIGNATURE-----

Roy
[EMAIL PROTECTED]
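The log message the announcement describes is the one thing an administrator who cannot upgrade this minute can watch for, and the announcement asks that attacks be reported, which means extracting the source address. The following is an added example for this thread, not code from Samba or from any poster: a small Python parser that walks Samba log lines, pairs each "Invalid password length N" line with the following "Attack was from IP=" line, and counts attempts per source. The log excerpt is constructed; the "[date, level]" prefix lines, the unrelated filler line and the addresses are hypothetical, and only the three-line warning text is taken from the page. Because the length and the address sit on different lines, the parser keeps state between lines and does not lose a warning whose IP line is missing from a truncated log.

```python
import re
from collections import Counter

# The three-line warning that Samba 1.9.17p2 writes when someone tries the
# overlong-password attack; wording taken from the announcement above.
_LEN_RE = re.compile(r"Invalid password length (\d+)")
_IP_RE = re.compile(r"Attack was from IP=(\d{1,3}(?:\.\d{1,3}){3})")

# Constructed log excerpt. The "[date, level]" prefix lines, the filler line
# about a service connection and the addresses are hypothetical; only the
# warning text itself comes from the announcement.
SAMPLE_LOG = """\
[1997/09/27 00:10:01, 0]
  ERROR: Invalid password length 999
  you're machine may be under attack by a user exploiting an old bug
  Attack was from IP=10.0.0.7
[1997/09/27 00:10:05, 1]
  connection to service public as user nobody
[1997/09/27 00:12:40, 0]
  ERROR: Invalid password length 999
  you're machine may be under attack by a user exploiting an old bug
  Attack was from IP=10.0.0.7
[1997/09/27 00:15:13, 0]
  ERROR: Invalid password length 1200
  you're machine may be under attack by a user exploiting an old bug
  Attack was from IP=192.0.2.44
"""


def find_attacks(lines):
    """Walk log lines in order and yield (password_length, source_ip) for each
    warning. The length and the IP are on different lines, so the length is
    held until the matching 'Attack was from IP=' line arrives. A length line
    that never gets its IP line (truncated log, interleaved output) is
    yielded with source_ip=None rather than dropped; an IP line with no
    preceding length line is ignored."""
    pending = None
    for line in lines:
        m = _LEN_RE.search(line)
        if m:
            if pending is not None:
                yield pending, None
            pending = int(m.group(1))
            continue
        m = _IP_RE.search(line)
        if m and pending is not None:
            yield pending, m.group(1)
            pending = None
    if pending is not None:
        yield pending, None


def attempts_by_source(lines):
    """Count completed warnings per attacking IP; returns a Counter."""
    return Counter(ip for _, ip in find_attacks(lines) if ip is not None)


if __name__ == "__main__":
    for ip, n in attempts_by_source(SAMPLE_LOG.splitlines()).most_common():
        print("%-16s %d attempt(s)" % (ip, n))
```

Point it at the real log.smb or per-machine log files by replacing SAMPLE_LOG.splitlines() with an open file; the regexes use search rather than match, so whatever prefix your Samba build puts in front of the message does not matter.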