Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

UnixWare 7.1.4 : Samba multiple security issues

from [please_reply_to_security] Network Security [Permanent Link]
Subject: UnixWare 7.1.4 : Samba multiple security issues
Date: Mon, 7 Mar 2005 14:47:55 -0800 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



______________________________________________________________________________

                        SCO Security Advisory

Subject:                UnixWare 7.1.4 : Samba multiple security issues
Advisory number:        SCOSA-2005.17
Issue date:             2005 February 11
Cross reference:        sr892475 fz530644 erg712754 sr892165 fz530486 erg712735 
CAN-2004-0930 CAN-2004-0882 CAN-2004-1154
______________________________________________________________________________


1. Problem Description

        Samba provides file and print services to windows clients.
        Several security issues are fixed by this patch. 

        The ms_fnmatch function in Samba 3.0.4 and 3.0.7 and possibly
        other versions allows remote authenticated users to cause
        a denial of service (CPU consumption) via a SAMBA request
        that contains multiple SCOSA-2005.17.in SCOSA-2005.17.txt
        samba.pkg (wildcard) characters. 

        The Common Vulnerabilities and Exposures project (cve.mitre.org) 
        has assigned the name CAN-2004-0930 to this issue. 

        Buffer overflow in the QFILEPATHINFO request handler in Samba 
        3.0.x through 3.0.7 may allow remote attackers to execute 
        arbitrary code via a TRANSACT2_QFILEPATHINFO request with 
        a small "maximum data bytes" value. 

        The Common Vulnerabilities and Exposures project (cve.mitre.org) 
        has assigned the name CAN-2004-0882 to this issue. 

        Integer overflow in the Samba daemon (smbd) in Samba 2.x and 
        3.0.x through 3.0.9 allows remote authenticated users to cause 
        a denial of service (application crash) and possibly execute 
        arbitrary code via a Samba request with a large number of 
        security descriptors that triggers a heap-based buffer overflow. 

        The Common Vulnerabilities and Exposures project (cve.mitre.org) 
        has assigned the name CAN-2004-1154 to this issue.


2. Vulnerable Supported Versions

        System                          Binaries
        ----------------------------------------------------------------------
        UnixWare 7.1.4                  distribution    

3. Solution

        The proper solution is to install the latest packages.

4. UnixWare 7.1.4

        4.1 Location of Fixed Binaries

        ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.17

        The fixes are also available in SCO UnixWare 7.1.4 Mantenance Pack 2

        http://www.sco.com/support/update/download/release.php?rid=58

        4.2 Verification

        MD5 (samba.pkg) = 95a6af2eb579624623ff0ceddc9e8c09

        or
        
        MD5 (uw714mp2.iso) = 335919be68f54253852cb8abca11814a

        md5 is available for download from
                ftp://ftp.sco.com/pub/security/tools

        4.3 Installing Fixed Binaries

        Upgrade the affected binaries with the following sequence:

        Download samba.pkg to the /var/spool/pkg directory

        # pkgadd -d /var/spool/pkg/samba.pkg

        or

        See ftp://ftp.sco.com/pub/unixware7/714/mp/mp2/uw714mp2.txt


5. References

        Specific references for this advisory:
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0930 
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0882 
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1154

        SCO security resources:
                http://www.sco.com/support/security/index.html

        SCO security advisories via email
                http://www.sco.com/support/forums/security.html

        This security fix closes SCO incidents sr892475 fz530644
        erg712754 sr892165 fz530486 erg712735.


6. Disclaimer

        SCO is not responsible for the misuse of any of the information
        we provide on this website and/or through our security
        advisories. Our advisories are a service to our customers
        intended to promote secure installation and use of SCO
        products.


7. Acknowledgments

        SCO would like to thank Karol Wiesek, Stefan Esser, and Greg MacManus.

______________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (SCO/UNIX_SVR5)

iD8DBQFCI3DQaqoBO7ipriERAn37AJ0a1r/VkENTW7Z+6Ljg40vQb2Vh2ACeICbV
RFqsA9B8HmBMEJAP9xVdojY=
=S89A
-----END PGP SIGNATURE-----
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • UnixWare 7.1.4 : Samba multiple security issues, please_reply_to_security <=
Previous by Date:  Re: [ GLSA 200503-12 ] Hashcash: Format string vulnerability, Hubert Chan
Next by Date:  UnixWare 7.1.4 : squid updated package fixes several security issues, please_reply_to_security
Previous by Thread:  Re: [ GLSA 200503-12 ] Hashcash: Format string vulnerability, Hubert Chan
Next by Thread:  UnixWare 7.1.4 : squid updated package fixes several security issues, please_reply_to_security
Indexes:  [Date] [Thread] [Top] [All Lists]