SA-1997.24.txt
07758428490ce0786a364847e6208ea7ff17ef48d91c8afa7642451aa60f681b
-----BEGIN PGP SIGNED MESSAGE-----
Subject: Caldera Security Advisory SA-1997.24: Vulnerability in Samba
Caldera Security Advisory SA-1997.24
Original report date: 27-Sep-1997
RPM build date: 01-Oct-1997
Advisory issue date: 07-Oct-1997
Last update: 17-Dec-1997
Topic: Vulnerability in the Samba package
I. Problem Description
The Samba server had a buffer overflow problem that had various
security related exploit possibilities. Details of the exploit had
been made available on the Internet via the BUGTRAQ email list.
II. Impact
The samba-1.9.16p7-1 package distributed on the following OpenLinux
releases are vulnerable:
Lite 1.1
Base 1.1
Standard 1.1
This new Samba server has been found to function properly on all of
the releases shown above.
III. Solution
Install the new samba-1.9.17p2-1 package, as described below.
Both source and binary packages are located on Caldera's FTP
server (ftp.caldera.com):
Binary files can be obtained at:
ftp://ftp.caldera.com/pub/openlinux/updates/1.1/current/RPMS
Source files can be obtained at:
ftp://ftp.caldera.com/pub/openlinux/updates/1.1/current/SRPMS
To install the update on any OpenLinux 1.1 release
use the following commands:
/etc/rc.d/init.d/smb stop
rpm -U RPMS/samba-1.9.17p2-1.i386.rpm
mv /etc/smb.conf.rpmsave /etc/smb.conf
The next step in the installation is to run lisa:
lisa --daemons
Scroll down to the entry reading "SMB server processes (Samba)"
Mark this line using the space bar.(This toggles the state of
the ONBOOT variable in /etc/sysconf/daemons/smb.)
Exit the dialog by selecting the continue button and start
samba.
Samba will start when the machine is rebooted or can be
started now by typing:
/etc/rc.d/init.d/samba start
The documentation in the new /etc/smb.conf.sample has been
improved. It may be of help when setting up samba features
with which you are unfamiliar.
Please note the following filename changes:
The names of the files in /etc/sysconfig/daemon/ and
/etc/rc.d/init.d/ have changed from smb to samba.
The default lock directory name /var/lock/samba/ has been
changed to /var/lock/samba.d/.
A default log directory named /var/log/samba.d has been
added. If you are using the logrotate package, amend the
logrotate.conf file to reflect this.
IV. References / Credits
Fixes a security problem originally reported on BUGTRAQ@netspace.org
and CERT Vendor-Initiated Bulletin VB-97.10.samba (October 3, 1997).
Reported internally at Caldera as PR #984 and #1006.
This and other Caldera security resources are located at:
http://www.caldera.com/tech-ref/security/
V. PGP Signature
This message was signed with the PGP key for security@caldera.com.
This key can be obtained from:
ftp://ftp.caldera.com/pub/pgp-keys/
Or on an OpenLinux CDROM under:
/OpenLinux/pgp-keys/
$Id: SA-1997.24,v 1.8 1997/12/17 17:59:11 ron Exp ron $
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQCVAwUBNJgTG+n+9R4958LpAQGWFgP9GTCr0MZUWxolRt6jV7cUaNRzO+nP4eH8
1ztfvpMON6JmsEAio11uZKgMJj47HeklNwBq2DAlN7WAxJF7ICYPsa4C3qHqTpFa
QNZpE4W6PL0pYai5pVIrf06XXU64M9DIwEJ6CkBX31l70sRWVx+2qLL8gkzPxvUQ
ccGa9kDt8V4=
=9Z+T
-----END PGP SIGNATURE-----