what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

sambaOverruns.txt

sambaOverruns.txt
Posted Jul 22, 2004
Site samba.org

Samba versions greater or equal to 2.2.29 and 3.0.0 have a buffer overrun located in the code used to support the mangling method = hash smb.conf option. Versions 3.0.2 suffer from buffer overrun in an internal routine used to decode base64 data during HTTP basic authentication.

tags | advisory, web, overflow
advisories | CVE-2004-0600, CVE-2004-0686
SHA-256 | 678349fe0f5740544c4c032a294d1fb0aaa173deede39851cd1f4a8580219ec0

sambaOverruns.txt

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Summary: Potential Buffer Overruns in Samba 3.0 and Samba 2.2
CVE ID: CAN-2004-0600, CAN-2004-0686
~ (http://cve.mitre.org/)

- -------------
CAN-2004-0600
- -------------

Affected Versions: >= v3.0.2

The internal routine used by the Samba Web Administration
Tool (SWAT v3.0.2 and later) to decode the base64 data
during HTTP basic authentication is subject to a buffer
overrun caused by an invalid base64 character. It is
recommended that all Samba v3.0.2 or later installations
running SWAT either (a) upgrade to v3.0.5, or (b) disable
the swat administration service as a temporary workaround.

This same code is used internally to decode the
sambaMungedDial attribute value when using the ldapsam
passdb backend. While we do not believe that the base64
decoding routines used by the ldapsam passdb backend can
be exploited, sites using an LDAP directory service with
Samba are strongly encouraged to verify that the DIT only
allows write access to sambaSamAccount attributes by a
sufficiently authorized user.

The Samba Team would like to heartily thank Evgeny Demidov
for analyzing and reporting this bug.


- -------------
CAN-2004-0686
- -------------

Affected Versions: >= v2.2.9, >= v3.0.0


A buffer overrun has been located in the code used to support
the 'mangling method = hash' smb.conf option. Please be aware
that the default setting for this parameter in Samba 3 is
'mangling method = hash2' and therefore not vulnerable.

Affected Samba installations can avoid this possible security
bug by using the hash2 mangling method. Server installations
requiring the hash mangling method are encouraged to upgrade
to Samba 3.0.5 (or 2.2.10).

~ --------------------------------------


Samba 3.0.5 and 2.2.10 are identical to the previous release
in each respective series with the exception of fixing these
issues. Samba 3.0.5rc1 has been removed from the download area
on Samba.org and 3.0.6rc2 will be available later this week.


The source code can be downloaded from :

~ http://download.samba.org/samba/ftp/

The uncompressed tarball and patch file have been signed
using GnuPG. The Samba public key is available at

~ http://download.samba.org/samba/ftp/samba-pubkey.asc

Binary packages are available at

~ http://download.samba.org/samba/ftp/Binary_Packages/

The release notes are also available on-line at

~ http://www.samba.org/samba/whatsnew/samba-3.0.5.html
~ http://www.samba.org/samba/whatsnew/samba-2.2.10.html

Our code, Our bugs, Our responsibility.
(Samba Bugzilla -- https://bugzilla.samba.org/)


~ -- The Samba Team

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFA/6GdIR7qMdg1EfYRAhGYAJ9wsFUb4+1Nu3shPQn12O5tXQAe1ACgvs6a
HxsnDPYXoL+q5UoYb6/2iJA=
=YCOV
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close