SCIENTIFIC-LINUX-ERRATA Archives

October 2009

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

Subject:
From: Troy Dawson
Reply To: Troy Dawson
Date: Wed, 28 Oct 2009 11:46:50 -0500

Synopsis:	Moderate: samba security and bug fix update
Issue date:	2009-10-27
CVE Names:	CVE-2009-1888 CVE-2009-2813 CVE-2009-2906
                   CVE-2009-2948

A denial of service flaw was found in the Samba smbd daemon. An
authenticated, remote user could send a specially-crafted response that
would cause an smbd child process to enter an infinite loop. An
authenticated, remote user could use this flaw to exhaust system 
resources by opening multiple CIFS sessions. (CVE-2009-2906)

An uninitialized data access flaw was discovered in the smbd daemon when
using the non-default "dos filemode" configuration option in "smb.conf". 
An authenticated, remote user with write access to a file could possibly 
use this flaw to change an access control list for that file, even when 
such access should have been denied. (CVE-2009-1888)

A flaw was discovered in the way Samba handled users without a home
directory set in the back-end password database (e.g. "/etc/passwd"). If 
a share for the home directory of such a user was created (e.g. using 
the automated "[homes]" share), any user able to access that share could 
see the whole file system, possibly bypassing intended access 
restrictions. (CVE-2009-2813)

The mount.cifs program printed CIFS passwords as part of its debug 
output when running in verbose mode. When mount.cifs had the setuid bit 
set, a local, unprivileged user could use this flaw to disclose 
passwords from a file that would otherwise be inaccessible to that user. 
Note: mount.cifs from the samba packages distributed by Red Hat does not 
have the setuid bit set. This flaw only affected systems where the 
setuid bit was manually set by an administrator. (CVE-2009-2948)

This update also fixes the following bug for SL3:

* an earlier update added code to escape input passed to scripts
that are run by Samba. This code was missing "c" from the list of valid
characters, causing it to be escaped. With this update, the previous 
patch has been updated to include "c" in the list of valid characters.
(BZ#242754)

After installing this update, the smb service will be restarted 
automatically.

SL 3.0.x

       SRPMS:
samba-3.0.9-1.3E.16.src.rpm
       i386:
samba-3.0.9-1.3E.16.i386.rpm
samba-client-3.0.9-1.3E.16.i386.rpm
samba-common-3.0.9-1.3E.16.i386.rpm
samba-swat-3.0.9-1.3E.16.i386.rpm
       x86_64:
samba-3.0.9-1.3E.16.i386.rpm
samba-3.0.9-1.3E.16.x86_64.rpm
samba-client-3.0.9-1.3E.16.x86_64.rpm
samba-common-3.0.9-1.3E.16.i386.rpm
samba-common-3.0.9-1.3E.16.x86_64.rpm
samba-swat-3.0.9-1.3E.16.x86_64.rpm

SL 4.x

       SRPMS:
samba-3.0.33-0.18.el4_8.src.rpm
       i386:
samba-3.0.33-0.18.el4_8.i386.rpm
samba-client-3.0.33-0.18.el4_8.i386.rpm
samba-common-3.0.33-0.18.el4_8.i386.rpm
samba-swat-3.0.33-0.18.el4_8.i386.rpm
       x86_64:
samba-3.0.33-0.18.el4_8.x86_64.rpm
samba-client-3.0.33-0.18.el4_8.x86_64.rpm
samba-common-3.0.33-0.18.el4_8.i386.rpm
samba-common-3.0.33-0.18.el4_8.x86_64.rpm
samba-swat-3.0.33-0.18.el4_8.x86_64.rpm

SL 5.x

       SRPMS:
samba-3.0.33-3.15.el5_4.src.rpm
       i386:
samba-3.0.33-3.15.el5_4.i386.rpm
samba-client-3.0.33-3.15.el5_4.i386.rpm
samba-common-3.0.33-3.15.el5_4.i386.rpm
samba-swat-3.0.33-3.15.el5_4.i386.rpm
       x86_64:
samba-3.0.33-3.15.el5_4.x86_64.rpm
samba-client-3.0.33-3.15.el5_4.x86_64.rpm
samba-common-3.0.33-3.15.el5_4.i386.rpm
samba-common-3.0.33-3.15.el5_4.x86_64.rpm
samba-swat-3.0.33-3.15.el5_4.x86_64.rpm

-Connie Sieh
-Troy Dawson
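
The configuration conditions named in the advisory (the non-default "dos filemode" option, a "[homes]" share combined with accounts that have no home directory set, and a setuid mount.cifs) can be checked on a host that has not yet been updated. The following is an added example, not part of the original message or of Samba; the sample smb.conf and passwd data are constructed, and the /sbin/mount.cifs default path and all function names are assumptions.

```python
import os
import stat

# Constructed sample inputs, not taken from any real host.
SAMPLE_SMB_CONF = "[homes]\n[Projects]\n  path = /srv/projects\n  DOS FileMode = Yes\n"
SAMPLE_PASSWD = "alice:x:500:500:A:/home/alice:/bin/bash\nsvcscan:x:501:501:S::/sbin/nologin\n"

def _norm(name):
    # smb.conf ignores case and whitespace in section and parameter names.
    return "".join(name.split()).lower()

def parse_smb_conf(text):
    """Return {section: {param: value}}; continuation lines are not handled."""
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(_norm(line[1:-1]), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[_norm(key)] = value.strip()
    return sections

def users_without_home(passwd_text):
    """Account names whose home directory field (the sixth) is empty."""
    rows = (l.split(":") for l in passwd_text.splitlines() if l and l[0] != "#")
    return [f[0] for f in rows if len(f) >= 7 and not f[5].strip()]

def is_setuid(path):
    try:
        return bool(os.stat(path).st_mode & stat.S_ISUID)
    except OSError:  # file absent or unreadable: nothing to report
        return False

def audit(smb_conf, passwd, mount_cifs="/sbin/mount.cifs"):  # default path is an assumption
    conf, found = parse_smb_conf(smb_conf), []
    for section, params in conf.items():
        if params.get("dosfilemode", "no").lower() in {"yes", "true", "1"}:
            found.append(("CVE-2009-1888", section))  # non-default option enabled
    homeless = users_without_home(passwd)
    if "homes" in conf and homeless:
        found.append(("CVE-2009-2813", ",".join(homeless)))  # [homes] + empty home
    if is_setuid(mount_cifs):
        found.append(("CVE-2009-2948", mount_cifs))  # setuid set by an administrator
    return found

if __name__ == "__main__":
    print(audit(SAMPLE_SMB_CONF, SAMPLE_PASSWD))
```

On a real host, pass the contents of the local smb.conf and /etc/passwd to `audit()`; an empty result means none of the three conditions described above is present.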
