[ Thanks to Gerald Carter for this release. ]
Summary: Potential Buffer Overruns in Samba 3.0 and Samba 2.2
CVE ID: CAN-2004-0600, CAN-2004-0686 (http://cve.mitre.org/)
CAN-2004-0600
Affected Versions: >= v3.0.2
The internal routine used by the Samba Web Administration Tool
(SWAT v3.0.2 and later) to decode the base64 data during HTTP basic
authentication is subject to a buffer overrun caused by an invalid
base64 character. It is recommended that all Samba v3.0.2 or later
installations running SWAT either (a) upgrade to v3.0.5, or (b)
disable the swat administration service as a temporary
workaround.
This same code is used internally to decode the sambaMungedDial
attribute value when using the ldapsam passdb backend. While we do
not believe that the base64 decoding routines used by the ldapsam
passdb backend can be exploited, sites using an LDAP directory
service with Samba are strongly encouraged to verify that the DIT
only allows write access to sambaSamAccount attributes by a
sufficiently authorized user.
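The two paragraphs above describe the same base64 decoding routine being fed untrusted input from two sources (the HTTP Authorization header in SWAT, and the sambaMungedDial attribute read from LDAP). As an added illustration of the defensive pattern, and not Samba's own code, here is a strict base64 decoder in C: every input character is validated against the alphabet before it is used, padding is only accepted in its canonical position, and the destination buffer's capacity is checked before each byte is written, so malformed input produces an error return rather than an out-of-bounds write. The function and helper names are this example's own.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Value of one base64 alphabet character, or -1 if c is not in the alphabet. */
static int b64_value(unsigned char c)
{
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    if (c == '+') return 62;
    if (c == '/') return 63;
    return -1;
}

/*
 * Decode NUL-terminated base64 text into out[] (capacity out_cap bytes).
 * Returns the number of bytes written, or -1 if the input contains a
 * character outside the alphabet, has non-canonical padding, or the
 * decoded data would not fit in out[].
 */
int b64_decode_strict(const char *in, unsigned char *out, size_t out_cap)
{
    size_t len = strlen(in);
    size_t i, n = 0, pad = 0;
    uint32_t acc = 0;
    int bits = 0;

    if (len % 4 != 0)
        return -1;                      /* canonical base64 is a multiple of 4 */

    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)in[i];
        int v;

        if (c == '=') {
            if (i + 2 < len)            /* '=' only allowed in the last two slots */
                return -1;
            pad++;
            continue;
        }
        if (pad)                        /* data after padding is malformed */
            return -1;

        v = b64_value(c);
        if (v < 0)                      /* invalid character: reject it, never use it as an index */
            return -1;

        acc = (acc << 6) | (uint32_t)v;
        bits += 6;
        if (bits >= 8) {
            bits -= 8;
            if (n >= out_cap)           /* bounds check before every write */
                return -1;
            out[n++] = (unsigned char)((acc >> bits) & 0xffu);
        }
    }
    return (int)n;
}

/* Convenience check: does `in` decode exactly to the bytes of `expect`? */
int decodes_to(const char *in, const char *expect)
{
    unsigned char buf[64];
    int n = b64_decode_strict(in, buf, sizeof buf);
    return n >= 0 && (size_t)n == strlen(expect) && memcmp(buf, expect, (size_t)n) == 0;
}

int main(void)
{
    /* Constructed inputs: one well-formed credential-style string, one with a stray byte. */
    const char *good = "dXNlcjpwYXNz";       /* "user:pass" */
    const char *bad  = "dXNlcjpwY!Nz";       /* '!' is not a base64 character */
    unsigned char buf[64];

    printf("good -> %d bytes\n", b64_decode_strict(good, buf, sizeof buf));
    printf("bad  -> %d (rejected)\n", b64_decode_strict(bad, buf, sizeof buf));
    return 0;
}
```

The check that matters for the class of bug described above is the `v < 0` test: a decoder that looks up each character in a table and uses the result without validation can be driven past the table or produce an unexpected output length, whereas this version fails closed on the first bad character.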
The Samba Team would like to heartily thank Evgeny Demidov for
analyzing and reporting this bug.
CAN-2004-0686
Affected Versions: >= v2.2.9, >= v3.0.0
A buffer overrun has been located in the code used to support
the ‘mangling method = hash’ smb.conf option. Please be aware that
the default setting for this parameter in Samba 3 is ‘mangling
method = hash2’ and therefore not vulnerable.
Affected Samba installations can avoid this possible security
bug by using the hash2 mangling method. Server installations
requiring the hash mangling method are encouraged to upgrade to
Samba 3.0.5 (or 2.2.10).
Samba 3.0.5 and 2.2.10 are identical to the previous release in
each respective series with the exception of fixing these issues.
Samba 3.0.5rc1 has been removed from the download area on Samba.org
and 3.0.6rc2 will be available later this week.
The source code can be downloaded from:
http://download.samba.org/samba/ftp/
The uncompressed tarball and patch file have been signed using
GnuPG. The Samba public key is available at
http://download.samba.org/samba/ftp/samba-pubkey.asc
Binary packages are available at
http://download.samba.org/samba/ftp/Binary_Packages/
The release notes are also available on-line at
http://www.samba.org/samba/whatsnew/samba-3.0.5.html
http://www.samba.org/samba/whatsnew/samba-2.2.10.html
Our code, Our bugs, Our responsibility. (Samba Bugzilla —
https://bugzilla.samba.org/)
— The Samba Team