Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 57962

Summary: net-fs/samba >= 2.2.9 and >= 3.0.0 have a buffer overflow bug
Product: Gentoo Security Reporter: Michael Glauche (RETIRED) <mglauche>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: major CC: satya
Priority: Highest    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://www.samba.org/samba/whatsnew/samba-3.0.5.html
Whiteboard: B1 [glsa] koon
Package list:
Runtime testing required: ---

Description Michael Glauche (RETIRED) gentoo-dev 2004-07-22 07:03:30 UTC 
Need to upgrade to the latest Samba 3.0.5, i'm currently working on an ebuild

-------------
CAN-2004-0600
-------------

Affected Versions:      Samba 3.0.2 and later

The internal routine used by the Samba Web Administration
Tool (SWAT v3.0.2 and later) to decode the base64 data
during HTTP basic authentication is subject to a buffer
overrun caused by an invalid base64 character.  It is
recommended that all Samba v3.0.2 or later installations
running SWAT either (a) upgrade to v3.0.5, or (b) disable
the swat administration service as a temporary workaround.

This same code is used internally to decode the
sambaMungedDial attribute value when using the ldapsam
passdb backend. While we do not believe that the base64
decoding routines used by the ldapsam passdb backend can
be exploited, sites using an LDAP directory service with
Samba are strongly encouraged to verify that the DIT only
allows write access to sambaSamAccount attributes by a
sufficiently authorized user.

The Samba Team would like to heartily thank Evgeny Demidov
for analyzing and reporting this bug.


-------------
CAN-2004-0686
-------------

Affected Versions:      Samba 3.0.0 and later

A buffer overrun has been located in the code used to support
the 'mangling method = hash' smb.conf option.  Please be aware
that the default setting for this parameter is 'mangling method
= hash2' and therefore not vulnerable.

Affected Samba 3 installations can avoid this possible security
bug by using the default hash2 mangling method.  Server
installations requiring the hash mangling method are encouraged
to upgrade to Samba 3.0.5.

Reproducible: Always
Steps to Reproduce:
1.
2.
3.
Comment 1 Michael Glauche (RETIRED) gentoo-dev 2004-07-22 07:47:51 UTC 
ebuild commited to cvs
Comment 2 Thierry Carrez (RETIRED) gentoo-dev 2004-07-22 09:12:19 UTC 
Arches: please mark net-fs/samba-3.0.5 stable
Comment 3 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2004-07-22 23:58:07 UTC 
*** Bug 58019 has been marked as a duplicate of this bug. ***
Comment 4 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2004-07-22 23:58:42 UTC 
*** Bug 58018 has been marked as a duplicate of this bug. ***
Comment 5 Thierry Carrez (RETIRED) gentoo-dev 2004-07-23 12:05:15 UTC 
I'll draft it
Comment 6 Thierry Carrez (RETIRED) gentoo-dev 2004-07-26 01:39:28 UTC 
amd64, ppc : please mark >=3.0.5 stable so that the GLSA can go out.
arm, ia64, mips, s390 : please mark stable to benefit from the GLSA.
Comment 7 Stephen Becker (RETIRED) gentoo-dev 2004-07-26 05:47:14 UTC 
I found that samba 3.0.5 wouldn't build on my mips machines.  However, it is quite possibly a gcc 3.4 problem.  Can anyone confirm this with gcc 3.3.x?  If so, it shouldn't be stable on mips at all, security issue or not.
Comment 8 Jason Huebel (RETIRED) gentoo-dev 2004-07-27 09:34:55 UTC 
stable on amd64
Comment 9 Joshua Kinard gentoo-dev 2004-07-27 22:16:06 UTC 
3.0.5 stable on mips.
Comment 10 SpanKY gentoo-dev 2004-07-28 17:32:22 UTC 
stable on ppc now
Comment 11 SpanKY gentoo-dev 2004-07-28 20:50:57 UTC 
stable on the arm !
Comment 12 Thierry Carrez (RETIRED) gentoo-dev 2004-07-29 00:48:32 UTC 
Ready for GLSA publication.
ia64, s390 : don't forget to mark stable to benefit from the GLSA.
Comment 13 Kurt Lieber (RETIRED) gentoo-dev 2004-07-29 06:22:17 UTC 
glsa 200407-21