Debian Security Advisory
DSA-200-1 samba -- remote exploit
- Date reported:
- 22 November 2002
- Affected packages:
- samba
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2002-1318.
- More information:
-
Steve Langasek discovered an exploitable bug in the password handling code in samba. When converting from a DOS code page to little-endian UCS2 Unicode, samba does not check a buffer length, so the buffer can overflow. There is no known exploit for this flaw, but an upgrade is strongly recommended.
This problem has been fixed in version 2.2.3a-12 of the Debian samba packages and in upstream version 2.2.7.
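The bug class described above, as an added illustration that is not Samba's code and not part of the advisory: a single-byte code-page string doubles in size when converted to UCS-2, so the destination length has to be checked before writing. The function names and the code-page table are hypothetical stand-ins.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a DOS code-page table (assumption): ASCII maps to
 * itself, every other byte to U+FFFD. A real table maps the upper half. */
uint16_t cp_to_ucs2(unsigned char c)
{
    return c < 0x80 ? (uint16_t)c : 0xFFFD;
}

/* Unchecked pattern: each input byte yields two output bytes and nothing
 * compares that against the size of dst. Shown for contrast only. */
void to_ucs2le_unchecked(unsigned char *dst, const char *src)
{
    for (; *src; src++) {
        uint16_t u = cp_to_ucs2((unsigned char)*src);
        *dst++ = (unsigned char)(u & 0xFF);   /* little endian: low byte first */
        *dst++ = (unsigned char)(u >> 8);
    }
    dst[0] = dst[1] = 0;
}

/* Bounded version: dst_len is in bytes. Returns bytes written (excluding the
 * 2-byte terminator), or -1 if the converted string plus terminator would
 * not fit; dst is left untouched in that case. */
long to_ucs2le_checked(unsigned char *dst, size_t dst_len, const char *src)
{
    size_t n = strlen(src);
    if (dst_len < 2 || n > (dst_len - 2) / 2)
        return -1;                            /* reject rather than truncate */
    for (size_t i = 0; i < n; i++) {
        uint16_t u = cp_to_ucs2((unsigned char)src[i]);
        dst[2 * i]     = (unsigned char)(u & 0xFF);
        dst[2 * i + 1] = (unsigned char)(u >> 8);
    }
    dst[2 * n] = dst[2 * n + 1] = 0;
    return (long)(2 * n);
}

int main(void)
{
    unsigned char pw[16];                     /* room for 7 characters */
    printf("%ld\n", to_ucs2le_checked(pw, sizeof pw, "secret"));
    printf("%ld\n", to_ucs2le_checked(pw, sizeof pw, "much-too-long-password"));
    return 0;
}
```

Rejecting an oversized input outright, rather than truncating it, avoids silently converting only part of a password.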
- Fixed in:
-
Debian GNU/Linux 3.0 (woody)
- Source:
- http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.dsc
- http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a.orig.tar.gz
- http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.diff.gz
- Architecture-independent component:
- http://security.debian.org/pool/updates/main/s/samba/samba-doc_2.2.3a-12_all.deb
- alpha (DEC Alpha):
- http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12_alpha.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12_alpha.deb
- http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12_alpha.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12_alpha.deb
- http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12_alpha.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12_alpha.deb
- http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12_alpha.deb
- http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12_alpha.deb
- http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12_alpha.deb
- arm (ARM):
- http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12_arm.deb
- http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12_arm.deb
- http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12_arm.deb
- http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12_arm.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12_arm.deb
- http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12_arm.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12_arm.deb
- http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12_arm.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12_arm.deb
- hppa (HP PA RISC):
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12_hppa.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12_hppa.deb
- http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12_hppa.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12_hppa.deb
- http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12_hppa.deb
- http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12_hppa.deb
- http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12_hppa.deb
- http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12_hppa.deb
- http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12_hppa.deb
- i386 (Intel ia32):
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12_i386.deb
- http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12_i386.deb
- http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12_i386.deb
- http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12_i386.deb
- http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12_i386.deb
- http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12_i386.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12_i386.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12_i386.deb
- http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12_i386.deb
- ia64 (Intel ia64):
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12_ia64.deb
- http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12_ia64.deb
- http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12_ia64.deb
- http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12_ia64.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12_ia64.deb
- http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12_ia64.deb
- http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12_ia64.deb
- http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12_ia64.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12_ia64.deb
- powerpc (PowerPC):
- http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12_powerpc.deb
- http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12_powerpc.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12_powerpc.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12_powerpc.deb
- http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12_powerpc.deb
- http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12_powerpc.deb
- http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12_powerpc.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12_powerpc.deb
- http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12_powerpc.deb
- s390 (IBM S/390):
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12_s390.deb
- http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12_s390.deb
- http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12_s390.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12_s390.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12_s390.deb
- http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12_s390.deb
- http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12_s390.deb
- http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12_s390.deb
- http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12_s390.deb
- sparc (Sun SPARC/UltraSPARC):
- http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12_sparc.deb
- http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12_sparc.deb
- http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12_sparc.deb
- http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12_sparc.deb
- http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12_sparc.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12_sparc.deb
- http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12_sparc.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12_sparc.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12_sparc.deb
MD5 checksums of the listed files are available on the original security advisory page.