Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 58018

Summary: net-fs/samba: swat, ldapsam and smb.conf hash buffer overflow
Product: Gentoo Security Reporter: Christian Andreetta (RETIRED) <satya>
Component: GLSA ErrorsAssignee: Gentoo Security <security>
Status: RESOLVED DUPLICATE    
Severity: normal CC: satya
Priority: High    
Version: unspecified   
Hardware: All   
OS: All   
Whiteboard:
Package list:
Runtime testing required: ---

Description Christian Andreetta (RETIRED) gentoo-dev 2004-07-22 23:51:49 UTC 
unaffected: >=samba-3.0.5, >=samba-2.2.10
From samba-announce mailing list:
==========================================================================
Summary:       Potential Buffer Overruns in Samba 3.0 and Samba 2.2
CVE ID:        CAN-2004-0600, CAN-2004-0686
~               (http://cve.mitre.org/)

- -------------
CAN-2004-0600
- -------------

Affected Versions:      >= v3.0.2

The internal routine used by the Samba Web Administration
Tool (SWAT v3.0.2 and later) to decode the base64 data
during HTTP basic authentication is subject to a buffer
overrun caused by an invalid base64 character.  It is
recommended that all Samba v3.0.2 or later installations
running SWAT either (a) upgrade to v3.0.5, or (b) disable
the swat administration service as a temporary workaround.

This same code is used internally to decode the
sambaMungedDial attribute value when using the ldapsam
passdb backend. While we do not believe that the base64
decoding routines used by the ldapsam passdb backend can
be exploited, sites using an LDAP directory service with
Samba are strongly encouraged to verify that the DIT only
allows write access to sambaSamAccount attributes by a
sufficiently authorized user.

The Samba Team would like to heartily thank Evgeny Demidov
for analyzing and reporting this bug.


- -------------
CAN-2004-0686
- -------------

Affected Versions:      >= v2.2.9, >= v3.0.0


A buffer overrun has been located in the code used to support
the 'mangling method = hash' smb.conf option.  Please be aware
that the default setting for this parameter in Samba 3 is
'mangling method = hash2' and therefore not vulnerable.

Affected Samba installations can avoid this possible security
bug by using the hash2 mangling method.  Server installations
requiring the hash mangling method are encouraged to upgrade
to Samba 3.0.5 (or 2.2.10).

~              --------------------------------------


Samba 3.0.5 and 2.2.10 are identical to the previous release
in each respective series with the exception of fixing these
issues. Samba 3.0.5rc1 has been removed from the download area
on Samba.org and 3.0.6rc2 will be available later this week.
==========================================================================
Comment 1 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2004-07-22 23:58:38 UTC 

*** This bug has been marked as a duplicate of 57962 ***