-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDKSA-2007:224-2 http://www.mandriva.com/security/ _______________________________________________________________________ Package : samba Date : November 23, 2007 Affected: Corporate 4.0 _______________________________________________________________________ Problem Description: The samba developers discovered that nmbd could be made to overrun a buffer during the processing of GETDC logon server requests. If samba is configured as a Primary or Backup Domain Controller, this could be used by a remote attacker to send malicious logon requests and possibly cause a denial of service (CVE-2007-4572). As well, Alin Rad Pop of Secunia Research found that nmbd did not properly check the length of netbios packets. If samba is configured as a WINS server, this could be used by a remote attacker able to send multiple crafted requests to nmbd, resulting in the execution of arbitrary code with root privileges (CVE-2007-5398). Update: The update packages on Corporate Server 4.0 resulted in the nmbd daemon crashing at startup. This update provides a newer version of samba (3.0.23d) that does not exhibit this behaviour. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4572 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5398 https://bugzilla.samba.org/show_bug.cgi?id=5087 _______________________________________________________________________ Updated Packages: Corporate 4.0: 41c2b0ec626a62d4636469f0a4abc122 corporate/4.0/i586/libsmbclient0-3.0.23d-2.5.20060mlcs4.i586.rpm b2380f5bb41f43b140f712d2779c464b corporate/4.0/i586/libsmbclient0-devel-3.0.23d-2.5.20060mlcs4.i586.rpm de0444838b89e9c131f6b0a4621e2e2f corporate/4.0/i586/libsmbclient0-static-devel-3.0.23d-2.5.20060mlcs4.i586.rpm b873f3f0abfb534032b3af386e93d140 corporate/4.0/i586/mount-cifs-3.0.23d-2.5.20060mlcs4.i586.rpm a19c2bcee8113213eb4604e5c0332911 corporate/4.0/i586/nss_wins-3.0.23d-2.5.20060mlcs4.i586.rpm 50b566c72bd6271192a7941ad59a7cb0 corporate/4.0/i586/samba-client-3.0.23d-2.5.20060mlcs4.i586.rpm 2dff89b3d6a67a01c6cafea248eb71d5 corporate/4.0/i586/samba-common-3.0.23d-2.5.20060mlcs4.i586.rpm 0bf0b632e3fc568419c97c1877f6bc4c corporate/4.0/i586/samba-doc-3.0.23d-2.5.20060mlcs4.i586.rpm 23c27abc018ae65533908a1baca2c0c7 corporate/4.0/i586/samba-server-3.0.23d-2.5.20060mlcs4.i586.rpm 60b7b583274f43499c3bdf3559aa302f corporate/4.0/i586/samba-smbldap-tools-3.0.23d-2.5.20060mlcs4.i586.rpm 5c9056e048d98cb58e8a35894c736276 corporate/4.0/i586/samba-swat-3.0.23d-2.5.20060mlcs4.i586.rpm da5beb0046cd83d9933ea831b5e9c438 corporate/4.0/i586/samba-vscan-clamav-3.0.23d-2.5.20060mlcs4.i586.rpm e0249c1674d0522193c3e70202435320 corporate/4.0/i586/samba-vscan-icap-3.0.23d-2.5.20060mlcs4.i586.rpm 796fedbfd45837999675bb5b4045235d corporate/4.0/i586/samba-winbind-3.0.23d-2.5.20060mlcs4.i586.rpm 5f40353a213e2bebebf371c72ddfe2b1 corporate/4.0/SRPMS/samba-3.0.23d-2.5.20060mlcs4.src.rpm Corporate 4.0/X86_64: c9c0d5dcb254f6305600bb02eb0e3b18 corporate/4.0/x86_64/lib64smbclient0-3.0.23d-2.5.20060mlcs4.x86_64.rpm 09be16e2d1ea685279c37eeff6a90e0b corporate/4.0/x86_64/lib64smbclient0-devel-3.0.23d-2.5.20060mlcs4.x86_64.rpm 5e94d4196f379cfec358ed1b736b03bc corporate/4.0/x86_64/lib64smbclient0-static-devel-3.0.23d-2.5.20060mlcs4.x86_64.rpm 088f9e80ba87e192b8737bee83dac91a corporate/4.0/x86_64/mount-cifs-3.0.23d-2.5.20060mlcs4.x86_64.rpm 27a9ed71a0c76a375fc5e1120296d341 corporate/4.0/x86_64/nss_wins-3.0.23d-2.5.20060mlcs4.x86_64.rpm 9753f110549bd52f3bd84726318dc9ec corporate/4.0/x86_64/samba-client-3.0.23d-2.5.20060mlcs4.x86_64.rpm 11d1dce709be01ed76536298ad85885b corporate/4.0/x86_64/samba-common-3.0.23d-2.5.20060mlcs4.x86_64.rpm 6b282e5e806ac2d0d6f1562552fc73fa corporate/4.0/x86_64/samba-doc-3.0.23d-2.5.20060mlcs4.x86_64.rpm c758477f5625979ae3068440c7abacb0 corporate/4.0/x86_64/samba-server-3.0.23d-2.5.20060mlcs4.x86_64.rpm ffb25096a90df95d53130b2fa34a3163 corporate/4.0/x86_64/samba-smbldap-tools-3.0.23d-2.5.20060mlcs4.x86_64.rpm 0f6ead84c3367e6e5137e03318adccbf corporate/4.0/x86_64/samba-swat-3.0.23d-2.5.20060mlcs4.x86_64.rpm 93bf12146ec482a77a8ed3275a9dab36 corporate/4.0/x86_64/samba-vscan-clamav-3.0.23d-2.5.20060mlcs4.x86_64.rpm 664e2ce74d16bdced6d54e14d93b8fa2 corporate/4.0/x86_64/samba-vscan-icap-3.0.23d-2.5.20060mlcs4.x86_64.rpm 1e1807df9dafdd4492f73f09cca5aff4 corporate/4.0/x86_64/samba-winbind-3.0.23d-2.5.20060mlcs4.x86_64.rpm 5f40353a213e2bebebf371c72ddfe2b1 corporate/4.0/SRPMS/samba-3.0.23d-2.5.20060mlcs4.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHRzKvmqjQ0CJFipgRAs5EAKCJQk0THNKipbkmLa9g8V7YqzQCqgCgyUng oxNUAyTf1Yb0f1iysqfTW+s= =7bX7 -----END PGP SIGNATURE-----