
Mandriva Linux Security Advisory 2009-196

Posted Aug 10, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-196 - Multiple format string vulnerabilities in client/client.c in smbclient in Samba 3.2.0 through 3.2.12 might allow context-dependent attackers to execute arbitrary code via format string specifiers in a filename. The acl_group_override function in smbd/posix_acls.c in smbd in Samba 3.0.x before 3.0.35, 3.1.x and 3.2.x before 3.2.13, and 3.3.x before 3.3.6, when dos filemode is enabled, allows remote attackers to modify access control lists for files via vectors related to read access to uninitialized memory. This update provides samba 3.2.13 to address these issues.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, osx, mandriva
advisories | CVE-2009-1886, CVE-2009-1888
SHA-256 | 4d74757b18f42f251a7374fa6165b6b3ccd8d6d2da369b6ee183dbf60111b97c


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2009:196
http://www.mandriva.com/security/
_______________________________________________________________________

Package : samba
Date : August 7, 2009
Affected: 2009.0, Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

Multiple vulnerabilities have been found and corrected in samba:

Multiple format string vulnerabilities in client/client.c in smbclient
in Samba 3.2.0 through 3.2.12 might allow context-dependent attackers
to execute arbitrary code via format string specifiers in a filename
(CVE-2009-1886).

The acl_group_override function in smbd/posix_acls.c in smbd in Samba
3.0.x before 3.0.35, 3.1.x and 3.2.x before 3.2.13, and 3.3.x before
3.3.6, when dos filemode is enabled, allows remote attackers to modify
access control lists for files via vectors related to read access to
uninitialized memory (CVE-2009-1888).

This update provides samba 3.2.13 to address these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1886
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1888
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2009.0:

Mandriva Linux 2009.0/X86_64:

Mandriva Enterprise Server 5:

Mandriva Enterprise Server 5/X86_64:
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFKfC47mqjQ0CJFipgRAkmVAKDi+Xf6tkPhj3JcORD5Amnalh4SqgCgwyVn
aO4amfUxj9NmDgveW0qyYhw=
=/U8f
-----END PGP SIGNATURE-----
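
The affected-version ranges and the "dos filemode" precondition from the Problem Description above, turned into a triage check. This is an added example, not part of the Mandriva advisory or of Samba; the function names, the sample smb.conf and the 3.2.11 package string are constructed for illustration.

```python
import re

# Ranges as stated in MDVSA-2009:196 (inclusive lower bound, exclusive upper bound).
AFFECTED = {
    "CVE-2009-1886": [((3, 2, 0), (3, 2, 13))],   # smbclient 3.2.0 through 3.2.12
    "CVE-2009-1888": [((3, 0, 0), (3, 0, 35)),    # 3.0.x before 3.0.35
                      ((3, 1, 0), (3, 2, 13)),    # 3.1.x and 3.2.x before 3.2.13
                      ((3, 3, 0), (3, 3, 6))],    # 3.3.x before 3.3.6
}
TRUE_VALUES = {"yes", "true", "1", "on"}          # spellings Samba accepts for a boolean

def parse_version(text):
    """Pull the first x.y.z triple out of a version or package string."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no Samba version in {text!r}")
    return tuple(int(p) for p in m.groups())

def dos_filemode_sections(smb_conf):
    """Return the smb.conf sections that set 'dos filemode' to a true value."""
    section, hits = "global", []
    for raw in smb_conf.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        name, sep, value = line.partition("=")
        # Samba ignores case and whitespace inside parameter names.
        if (sep and "".join(name.split()).lower() == "dosfilemode"
                and value.strip().lower() in TRUE_VALUES):
            hits.append(section)
    return hits

def assess(version_text, smb_conf=""):
    """Map each CVE in the advisory to a status for this version and config."""
    v = parse_version(version_text)
    result = {cve: "affected" if any(lo <= v < hi for lo, hi in ranges)
              else "not affected" for cve, ranges in AFFECTED.items()}
    # CVE-2009-1888 is only reachable when 'dos filemode' is enabled.
    if result["CVE-2009-1888"] == "affected" and not dos_filemode_sections(smb_conf):
        result["CVE-2009-1888"] = "vulnerable version, dos filemode not enabled"
    return result

# Constructed sample configuration: one share enables dos filemode.
SAMPLE_CONF = "[global]\n workgroup = EXAMPLE\n[projects]\n path = /srv/projects\n DOS FileMode = Yes\n"

if __name__ == "__main__":
    print(assess("samba-client-3.2.11-0.1mdv2009.0", SAMPLE_CONF))  # constructed name
    print(assess("samba-server-3.2.13-0.2mdv2009.0", SAMPLE_CONF))  # fixed build
```

The parser does not follow include directives or backslash line continuations, so review any configuration that uses them by hand.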