NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Secunia Advisories> 2003-q2

[sec-adv] Sun Solaris update for Samba

From: Secunia Security Advisories (sec-advsecunia.com)
Date: Mon Apr 21 2003 - 17:16:03 CDT

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

TITLE:
Sun Solaris update for Samba

READ ONLINE:
http://www.secunia.com/advisories/8627/

CRITICAL:
Moderately critical

IMPACT:
System access

WHERE:
From local network

OPERATING SYSTEM:
Sun Solaris 9

DESCRIPTION:
Sun has issued a patch for Solaris 9. This fixes an older
vulnerability in samba, which can be exploited by malicious people to
compromise a vulnerable server.

The vulnerability is caused due to a boundary error in the length
checking code for password change requests from clients. A malicious
user can exploit this by sending a request containing a specially
crafted, encrypted password to a vulnerable system, which causes a
buffer overflow, when the encrypted password is decrypted.

Successful exploitation can cause a DoS (Denial of Service) and
potentially allow execution of arbitrary code on the system.

SOLUTION:
Apply patch.

SPARC:
http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=114684&rev=01

x86:
http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=114685&rev=01

REPORTED BY / CREDITS:
Steve Langasek

ORIGINAL ADVISORY:
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F53580&zone_32=category%3Asecurity

OTHER REFERENCES:
http://www.kb.cert.org/vuls/id/958321

----------------------------------------------------------------------

Secunia recommends that you verify all advisories you receive, by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

Contact details:
Web : http://www.secunia.com/
E-mail : supportsecunia.com
Tel : +44 (0) 20 7016 2693
Fax : +44 (0) 20 7637 0419

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories

----------------------------------------------------------------------

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]