OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Support Info (supinfocaldera.com)
Date: Wed Jun 27 2001 - 13:28:36 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    ______________________________________________________________________________
                       Caldera International, Inc. Security Advisory

    Subject: Linux - samba /tmp problems
    Advisory number: CSSA-2001-018.1
    Issue date: 2001 May, 18
    Last change: 2001 June, 26
    Cross reference: CSSA-2001-015.0
    ______________________________________________________________________________

    1. Problem Description

       The previous Samba update fixed several places within the
       samba server code that allowed local attackers to gain root
       access.

       Unfortunately the patch used was slightly incorrect and did not
       fix the problem completely.

       The Samba 2.0.9 release fixes this problem, this security
       update backports it to our released Samba packages.

       This additional CSSA releases fixed packages for the OpenLinux
       3.1 series of products.

    2. Vulnerable Versions

       System Package
       -----------------------------------------------------------
       OpenLinux 2.3 All packages previous to
                                       samba-2.0.5-3

       OpenLinux eServer 2.3.1 All packages previous to
       and OpenLinux eBuilder samba-2.0.5-3S

       OpenLinux eDesktop 2.4 All packages previous to
                                       samba-2.0.6-4

       OpenLinux 3.1 Server All packages previous to
                                    samba-2.0.9-1

       OpenLinux 3.1 Workstation All packages previous to
                                    samba-2.0.9-1

    3. Solution

       Workaround

          none

       The proper solution is to upgrade to the latest packages.

    4. OpenLinux 2.3

       4.1 Location of Fixed Packages

           The upgrade packages can be found on Caldera's FTP site at:

           ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/RPMS/

           The corresponding source code package can be found at:

           ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/SRPMS

       4.2 Verification

           6538311492da60de2fd81e4579c786af RPMS/samba-2.0.5-3.i386.rpm
           098d66faee2cc1c50921f39dcd473aa2 RPMS/samba-doc-2.0.5-3.i386.rpm
           fd564ec85358666bcfb5b691bd86f416 RPMS/smbfs-2.0.5-3.i386.rpm
           111c64faf3524930b6c648beba2a7e62 RPMS/swat-2.0.5-3.i386.rpm
           8fb09b8512aee8d5164d5fa9abef8205 SRPMS/samba-2.0.5-3.src.rpm

       4.3 Installing Fixed Packages

           Upgrade the affected packages with the following commands:

              rpm -Fhv s*.i386.rpm

    5. OpenLinux eServer 2.3.1 and OpenLinux eBuilder for ECential 3.0

       5.1 Location of Fixed Packages

           The upgrade packages can be found on Caldera's FTP site at:

           ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/RPMS/

           The corresponding source code package can be found at:

           ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/SRPMS

       5.2 Verification

           39cc6ebd5216649346a7091395aee135 RPMS/samba-2.0.5-3S.i386.rpm
           b4278e491326d4ce3a7b81d017872bce RPMS/samba-doc-2.0.5-3S.i386.rpm
           d3b59dfa2a365a6c0a13d580164f8b58 RPMS/smbfs-2.0.5-3S.i386.rpm
           cef24c9d65a9365ccec3753828c5c945 RPMS/swat-2.0.5-3S.i386.rpm
           e35e8e614a4d5f597b5f9a764162778d SRPMS/samba-2.0.5-3S.src.rpm

       5.3 Installing Fixed Packages

           Upgrade the affected packages with the following commands:

              rpm -Fvh s*i386.rpm

    6. OpenLinux eDesktop 2.4

       6.1 Location of Fixed Packages

           The upgrade packages can be found on Caldera's FTP site at:

           ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/RPMS/

           The corresponding source code package can be found at:

           ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/SRPMS

       6.2 Verification

           1ff64fd57d531816037ac1c1d18b6abd RPMS/samba-2.0.6-4.i386.rpm
           cdb3f575cbbc503699bf71e53354e382 RPMS/samba-doc-2.0.6-4.i386.rpm
           e7b7c7eb3b1ad3a80f45904607488eec RPMS/smbfs-2.0.6-4.i386.rpm
           3d1b49c60f4359b0ee95dd5457f72ccf RPMS/swat-2.0.6-4.i386.rpm
           b7ec58e0edc4217b2c8f19f3edb3de95 SRPMS/samba-2.0.6-4.src.rpm

       6.3 Installing Fixed Packages

           Upgrade the affected packages with the following commands:

           rpm -Fvh s*i386.rpm

    7. OpenLinux 3.1 Server

       7.1 Location of Fixed Packages

           The upgrade packages can be found on Caldera's FTP site at:

           ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS/

           The corresponding source code package can be found at:

           ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/SRPMS

       7.2 Verification

           e7c8db2cc3bfae03b5aba9fc9df595b5 RPMS/samba-2.0.9-1.i386.rpm
           b2c321bc2662ed5a35738a8cbde612bd RPMS/samba-doc-2.0.9-1.i386.rpm
           166ba51b4da417bda080ca8fbecf5fda RPMS/smbfs-2.0.9-1.i386.rpm
           b3c5fd3f03c244b21942b2e4fb32f044 RPMS/swat-2.0.9-1.i386.rpm
           8cf2bd7ab81c83bb15808a9c58e7383c SRPMS/samba-2.0.9-1.src.rpm

       7.3 Installing Fixed Packages

           Upgrade the affected packages with the following commands:

               rpm -Fvh s*i386.rpm

           or start kcupdate, the Caldera OpenLinux Update Manager

    8. OpenLinux 3.1 Workstation

       8.1 Location of Fixed Packages

           The upgrade packages can be found on Caldera's FTP site at:

           ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/RPMS/

           The corresponding source code package can be found at:

           ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/SRPMS

       8.2 Verification

           e7c8db2cc3bfae03b5aba9fc9df595b5 RPMS/samba-2.0.9-1.i386.rpm
           b2c321bc2662ed5a35738a8cbde612bd RPMS/samba-doc-2.0.9-1.i386.rpm
           166ba51b4da417bda080ca8fbecf5fda RPMS/smbfs-2.0.9-1.i386.rpm
           b3c5fd3f03c244b21942b2e4fb32f044 RPMS/swat-2.0.9-1.i386.rpm
           8cf2bd7ab81c83bb15808a9c58e7383c SRPMS/samba-2.0.9-1.src.rpm

       8.3 Installing Fixed Packages

           Upgrade the affected packages with the following commands:

               rpm -Fvh s*i386.rpm

           or start kcupdate, the Caldera OpenLinux Update Manager

    9. References

       This and other Caldera security resources are located at:

       http://www.caldera.com/support/security/index.html

       This security fix closes Caldera's internal Problem Report 9736.

    10.Disclaimer

       Caldera International, Inc. is not responsible for the misuse of
       any of the information we provide on this website and/or through our
       security advisories. Our advisories are a service to our customers
       intended to promote secure installation and use of Caldera International
       products.

    11.Acknowledgements:

       Caldera International wishes to thank the Samba Team for spotting and
       fixing this problem.
    ______________________________________________________________________________
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.0.6 (GNU/Linux)
    Comment: For info see http://www.gnupg.org

    iD8DBQE7OFXk18sy83A/qfwRApNnAKCVsyfb//eq6psoPy/0JPKKozSRmQCeNu4b
    u0BmR6q7JZESKe+NX6GzrSM=
    =Z6vG
    -----END PGP SIGNATURE-----

    ---------------------------------------------------------------------
    To unsubscribe, e-mail: announce-unsubscribelists.caldera.com
    For additional commands, e-mail: announce-helplists.caldera.com