Date: Wed, 18 Apr 2001 13:55:22 -0600
From: Caldera Support Information <sup-info@OPUS.CALDERASYSTEMS.COM>
Subject: Security Advisory: samba security problems CSSA-2001-015.0

Caldera Systems, Inc. Security Advisory
Subject: samba security problems
Advisory number: CSSA-2001-015.0
Issue date: 2001 April, 17
Cross reference:
1. Problem Description
During our security audits we found several places within the
Samba server code which could lead to a local attacker gaining root
access.
The Samba 2.0.8 release fixes those problems. This security
advisory incorporates the security relevant parts of Samba 2.0.8
into our released Samba packages.
2. Vulnerable Versions
System                           Package
OpenLinux 2.3                    All packages previous to samba-2.0.5-2
OpenLinux eServer 2.3.1          All packages previous to samba-2.0.5-2S
and OpenLinux eBuilder
OpenLinux eDesktop 2.4           All packages previous to samba-2.0.6-3
3. Solution
Workaround
none
The proper solution is to upgrade to the latest packages.
4. OpenLinux 2.3
4.1 Location of Fixed Packages
The upgrade packages can be found on Caldera’s FTP site at:
ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/RPMS/
The corresponding source code package can be found at:
ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/SRPMS
4.2 Verification
b227164a57937abb95ee4987e064b23d RPMS/samba-2.0.5-2.i386.rpm
687620f4c6723f4ac0587d2ec400d92c RPMS/samba-doc-2.0.5-2.i386.rpm
52ec815c0046a253ec421e077d649864 RPMS/smbfs-2.0.5-2.i386.rpm
f58ff0e28ef804213a6d59d5a5c27bce RPMS/swat-2.0.5-2.i386.rpm
298afd508cca8c55f905e218f4fd071b SRPMS/samba-2.0.5-2.src.rpm
4.3 Installing Fixed Packages
Upgrade the affected packages with the following commands:
rpm -Fhv *.i386.rpm
5. OpenLinux eServer 2.3.1 and OpenLinux eBuilder for ECential 3.0
5.1 Location of Fixed Packages
The upgrade packages can be found on Caldera’s FTP site at:
ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/RPMS/
The corresponding source code package can be found at:
ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/SRPMS
5.2 Verification
49dbe73aa3f5aac7bab7405eb10bd50b RPMS/samba-2.0.5-2S.i386.rpm
ce3f447bf9b578b04ab6613b2a07b5ac RPMS/samba-doc-2.0.5-2S.i386.rpm
dd6d36e21807938ac8b85b7111326601 RPMS/smbfs-2.0.5-2S.i386.rpm
2b77e8589095d4f662833c0e6f4faf8f RPMS/swat-2.0.5-2S.i386.rpm
fa498bef6b081d6db0e46954ff9a28a1 SRPMS/samba-2.0.5-2S.src.rpm
5.3 Installing Fixed Packages
Upgrade the affected packages with the following commands:
rpm -Fvh *.i386.rpm
6. OpenLinux eDesktop 2.4
6.1 Location of Fixed Packages
The upgrade packages can be found on Caldera’s FTP site at:
ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/RPMS/
The corresponding source code package can be found at:
ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/SRPMS
6.2 Verification
82bd7ae8bd7bedd2831550819c202ca3 RPMS/samba-2.0.6-3.i386.rpm
ab5aca9e66917523f6cf006567195acb RPMS/samba-doc-2.0.6-3.i386.rpm
638999b35b5ff375c00089bf7f332aeb RPMS/smbfs-2.0.6-3.i386.rpm
8f3ef3648ebf3819ca0f48d2d6ab0854 RPMS/swat-2.0.6-3.i386.rpm
a4da53d89dd78e35b32521d2630d4fdc SRPMS/samba-2.0.6-3.src.rpm
6.3 Installing Fixed Packages
Upgrade the affected packages with the following commands:
rpm -Fvh *.i386.rpm
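Added example, not part of Caldera's advisory: a shell function that checks downloaded packages against one of the Verification lists above before the rpm -Fvh step is run. It assumes the 32-hex-digit values are MD5 digests and that the list for your platform has been saved to a file (the name MD5SUMS is hypothetical); the demo files are constructed stand-ins.

```shell
# verify_manifest MANIFEST [BASEDIR]
# MANIFEST lines follow the advisory's Verification lists: "<digest> <path>".
# Assumption: the 32-hex-digit digests are MD5, so md5sum is used.
# Returns 0 only if every listed file exists and matches its digest.
verify_manifest() {
    manifest=$1; basedir=${2:-.}; failures=0; checked=0
    while read -r want path || [ -n "$want" ]; do
        [ -z "$want" ] && continue    # blank line
        case $want in
            *[!0-9a-fA-F]*) echo "MALFORMED $want"; failures=$((failures + 1)); continue ;;
        esac
        if [ "${#want}" -ne 32 ] || [ -z "$path" ]; then
            echo "MALFORMED $want $path"; failures=$((failures + 1)); continue
        fi
        if [ ! -f "$basedir/$path" ]; then
            echo "MISSING   $path"; failures=$((failures + 1)); continue
        fi
        got=$(md5sum < "$basedir/$path" | cut -d' ' -f1)
        want=$(printf '%s' "$want" | tr 'A-F' 'a-f')
        if [ "$got" = "$want" ]; then
            echo "OK        $path"
        else
            echo "MISMATCH  $path"; failures=$((failures + 1))
        fi
        checked=$((checked + 1))
    done < "$manifest"
    # An empty manifest verifies nothing, so it counts as a failure.
    [ "$checked" -gt 0 ] && [ "$failures" -eq 0 ]
}

# Constructed demo (stand-in files, not the advisory's packages):
# two files are checksummed, then one is altered before verification.
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/RPMS"
    printf 'constructed package A\n' > "$d/RPMS/a.rpm"
    printf 'constructed package B\n' > "$d/RPMS/b.rpm"
    ( cd "$d" && md5sum RPMS/a.rpm RPMS/b.rpm ) > "$d/MD5SUMS"
    printf 'tampered\n' >> "$d/RPMS/b.rpm"
    verify_manifest "$d/MD5SUMS" "$d"; rc=$?
    rm -rf "$d"
    return "$rc"
}

# In real use (MD5SUMS is a hypothetical file holding one Verification list):
#   verify_manifest MD5SUMS . && rpm -Fvh RPMS/*.i386.rpm
demo || echo "verification failed: do not install these packages"
```

A non-zero status means at least one listed package is missing, altered, or its list entry is malformed; run rpm -Fvh only after the function returns 0.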
7. References
This and other Caldera security resources are located at:
http://www.calderasystems.com/support/security/index.html
This security fix closes Caldera’s internal Problem Report
9736.
8. Disclaimer
Caldera Systems is not responsible for the misuse of any of the
information we provide on this website and/or through our security
advisories. Our advisories are a service to our customers intended
to promote secure installation and use of Caldera OpenLinux.
9. Acknowledgements:
Caldera Systems wishes to thank the Samba Team for providing a
timely fix to the problem.