dcsimg
Linux Today: Linux News On Internet Time.




More on LinuxToday


Caldera Security Advisory: samba security problems

Apr 19, 2001, 17:00 (0 Talkback[s])
Date:         Wed, 18 Apr 2001 13:55:22 -0600
From: Caldera Support Information <sup-info@OPUS.CALDERASYSTEMS.COM>
Subject:      Security Advisory: samaba security problems CSSA-2001-015.0



                   Caldera Systems, Inc.  Security Advisory

Subject:                samba security problems
Advisory number:        CSSA-2001-015.0
Issue date:             2001 April, 17

Cross reference:


  1. Problem Description

During our security audits we found several places within the Samba server code which could lead to a local attacker gaining root access.

The Samba 2.0.8 release fixes those problems. This security advisory incorporates the security relevant parts of Samba 2.0.8 into our released Samba packages.

2. Vulnerable Versions

System Package


   OpenLinux 2.3                All packages previous to
                                samba-2.0.5-2

   OpenLinux eServer 2.3.1      All packages previous to
   and OpenLinux eBuilder       samba-2.0.5-2S

   OpenLinux eDesktop 2.4       All packages previous to
                                samba-2.0.6-3

3. Solution

Workaround

none

The proper solution is to upgrade to the latest packages.

4. OpenLinux 2.3

4.1 Location of Fixed Packages

The upgrade packages can be found on Caldera's FTP site at:

ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/RPMS/

The corresponding source code package can be found at:

ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/SRPMS

4.2 Verification

        b227164a57937abb95ee4987e064b23d  RPMS/samba-2.0.5-2.i386.rpm
        687620f4c6723f4ac0587d2ec400d92c  RPMS/samba-doc-2.0.5-2.i386.rpm
        52ec815c0046a253ec421e077d649864  RPMS/smbfs-2.0.5-2.i386.rpm
        f58ff0e28ef804213a6d59d5a5c27bce  RPMS/swat-2.0.5-2.i386.rpm
        298afd508cca8c55f905e218f4fd071b  SRPMS/samba-2.0.5-2.src.rpm

4.3 Installing Fixed Packages

Upgrade the affected packages with the following commands:

rpm -Fhv *.i386.rpm

5. OpenLinux eServer 2.3.1 and OpenLinux eBuilder for ECential 3.0

5.1 Location of Fixed Packages

The upgrade packages can be found on Caldera's FTP site at:

ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/RPMS/

The corresponding source code package can be found at:

ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/SRPMS

5.2 Verification

        49dbe73aa3f5aac7bab7405eb10bd50b  RPMS/samba-2.0.5-2S.i386.rpm
        ce3f447bf9b578b04ab6613b2a07b5ac  RPMS/samba-doc-2.0.5-2S.i386.rpm
        dd6d36e21807938ac8b85b7111326601  RPMS/smbfs-2.0.5-2S.i386.rpm
        2b77e8589095d4f662833c0e6f4faf8f  RPMS/swat-2.0.5-2S.i386.rpm
        fa498bef6b081d6db0e46954ff9a28a1  SRPMS/samba-2.0.5-2S.src.rpm

5.3 Installing Fixed Packages

Upgrade the affected packages with the following commands:

rpm -Fvh *.i386.rpm

6. OpenLinux eDesktop 2.4

6.1 Location of Fixed Packages

The upgrade packages can be found on Caldera's FTP site at:

ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/RPMS/

The corresponding source code package can be found at:

ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/SRPMS

6.2 Verification

        82bd7ae8bd7bedd2831550819c202ca3  RPMS/samba-2.0.6-3.i386.rpm
        ab5aca9e66917523f6cf006567195acb  RPMS/samba-doc-2.0.6-3.i386.rpm
        638999b35b5ff375c00089bf7f332aeb  RPMS/smbfs-2.0.6-3.i386.rpm
        8f3ef3648ebf3819ca0f48d2d6ab0854  RPMS/swat-2.0.6-3.i386.rpm
        a4da53d89dd78e35b32521d2630d4fdc  SRPMS/samba-2.0.6-3.src.rpm   

6.3 Installing Fixed Packages

Upgrade the affected packages with the following commands:

rpm -Fvh *.i386.rpm

7. References

This and other Caldera security resources are located at:

http://www.calderasystems.com/support/security/index.html

This security fix closes Caldera's internal Problem Report 9736.

8. Disclaimer

Caldera Systems is not responsible for the misuse of any of the information we provide on this website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of Caldera OpenLinux.

9. Acknowledgements:

Caldera Systems wishes to thank the Samba Team for providing a timely fix to the problem.