Archive of FreeBSD Security general posting, [FreeBSD-Announce] FreeBSD Security Notice FreeBSD-SN-03:01

07/04/03, [FreeBSD-Announce] FreeBSD Security Notice FreeBSD-SN-03:01
From: FreeBSD Security Advisories <security-advisories@freebsd.org>

Generated by MHonArc

CSIM Logo WelcomeCourses
Faculty, Student, Staff
Projects and reports
Conferences, workshop and seminars
Laboratories and reasearch facilities
Information related to CSIM
Information non-related to CSIM
Address, map, phone, etc.
Search

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]


To: FreeBSD Security Advisories <security-advisories@freebsd.org>
Subject: [FreeBSD-Announce] FreeBSD Security Notice FreeBSD-SN-03:01
From: FreeBSD Security Advisories <security-advisories@freebsd.org>
Date: Mon, 7 Apr 2003 06:41:31 -0700 (PDT)
List-archive: <http://lists.freebsd.org/pipermail/freebsd-announce>
List-help: <mailto:freebsd-announce-request@freebsd.org?subject=help>
List-id: Project Announcements [moderated] <freebsd-announce.freebsd.org>
List-post: <mailto:freebsd-announce@freebsd.org>
List-subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-announce>,<mailto:freebsd-announce-request@freebsd.org?subject=subscribe>
List-unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-announce>,<mailto:freebsd-announce-request@freebsd.org?subject=unsubscribe>
Mail-from: From owner-freebsd-announce@freebsd.org Tue Apr 8 01:12:29 2003
Reply-to: security-advisories@freebsd.org
Sender: owner-freebsd-announce@freebsd.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=============================================================================
FreeBSD-SN-03:01                                              Security Notice
                                                          The FreeBSD Project

Topic:          security issue in samba ports
Announced:      2003-04-07

I.   Introduction

Several ports in the FreeBSD Ports Collection are affected by security
issues.  These are listed below with references and affected versions.
All versions given refer to the FreeBSD port/package version numbers.
The listed vulnerabilities are not specific to FreeBSD unless
otherwise noted.

These ports are not installed by default, nor are they ``part of
FreeBSD'' as such.  The FreeBSD Ports Collection contains thousands of
third-party applications in a ready-to-install format.  FreeBSD makes
no claim about the security of these third-party applications.  See
<URL:http://www.freebsd.org/ports/> for more information about the
FreeBSD Ports Collection.

II.  Ports

+------------------------------------------------------------------------+
Port name:      net/samba
Affected:       versions < samba-2.2.8_2, samba-2.2.8a
Status:         Fixed

Two vulnerabilities recently:

(1) Sebastian Krahmer of the SuSE Security Team identified
vulnerabilities that could lead to arbitrary code execution as root,
as well as a race condition that could allow overwriting of system
files.  (This vulnerability was previously fixed in Samba 2.2.8.)

(2) Digital Defense, Inc. reports: ``This vulnerability, if exploited
correctly, leads to an anonymous user gaining root access on a Samba
serving system. All versions of Samba up to and including Samba 2.2.8
are vulnerable. Alpha versions of Samba 3.0 and above are *NOT*
vulnerable.''

<URL: http://us1.samba.org/samba/whatsnew/samba-2.2.8.html >
<URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0085 >
<URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0086 >
<URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0196 >
<URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0201 >
+------------------------------------------------------------------------+
Port name:      net/samba-tng
Affected:       all versions
Status:         Not fixed

Some or all of the vulnerabilities affecting Samba may also affect
Samba-TNG.  No confirmation or official patches are available at the
time of this security notice.
+------------------------------------------------------------------------+

III. Upgrading Ports/Packages

To upgrade a fixed port/package, perform one of the following:

1) Upgrade your Ports Collection and rebuild and reinstall the port.
Several tools are available in the Ports Collection to make this
easier.  See:
  /usr/ports/devel/portcheckout
  /usr/ports/misc/porteasy
  /usr/ports/sysutils/portupgrade

2) Deinstall the old package and install a new package obtained from

[FreeBSD 4.x, i386]
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/All/

[FreeBSD 5.x, i386]
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/All/

Packages are not automatically generated for other architectures at
this time.

Note that new, official packages may not be available on all mirrors
immediately.  In the interim, Security Officer-generated packages (and
detached digital signatures) are available for the i386 architecture
at:

[FreeBSD 4.x, i386]
ftp://ftp2.FreeBSD.org/pub/FreeBSD/security-officer/ports/i386/packages-4-stable/samba-2.2.8_2.tgz
ftp://ftp2.FreeBSD.org/pub/FreeBSD/security-officer/ports/i386/packages-4-stable/samba-2.2.8_2.tgz.asc

[FreeBSD 5.x]
ftp://ftp2.FreeBSD.org/pub/FreeBSD/security-officer/ports/i386/packages-5-current/samba-2.2.8_2.tbz
ftp://ftp2.FreeBSD.org/pub/FreeBSD/security-officer/ports/i386/packages-5-current/samba-2.2.8_2.tbz.asc


+------------------------------------------------------------------------+
FreeBSD Security Notices are communications from the Security Officer
intended to inform the user community about potential security issues,
such as bugs in the third-party applications found in the Ports
Collection, which will not be addressed in a FreeBSD Security
Advisory.

Feedback on Security Notices is welcome at <security-team@FreeBSD.org>.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (FreeBSD)

iD8DBQE+kX+vFdaIBMps37IRAtkmAJ4ruhx4WQLeSPSPgfmzrVW4uYvVJACfRxem
4q3eO8IxTujzRR2QwH4eyK4=
=/4KW
-----END PGP SIGNATURE-----
_______________________________________________
freebsd-announce@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-announce
To unsubscribe, send any mail to "freebsd-announce-unsubscribe@freebsd.org"



Next message sorted by date: [FreeBSD-Announce] FreeBSD Security Notice FreeBSD-SN-03:02
Next message by thread: [FreeBSD-Announce] FreeBSD Security Notice FreeBSD-SN-03:02
Main Index
Thread Index

CSIM home pageWMailAccount managementCSIM LibraryNetwork test toolsSearch CSIM directories
Contact us: Olivier Nicole CSIM    SET    AIT Last update: Jan 2004