Forum: >>> Magnum BBS <<<

[SECURITY] [DSA 1823-1] New samba packages fix several vulnerabilities

From Thijs Kinkhorst@1:229/2 to All on Thu Jun 25 21:20:06 2009

From: [email protected]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------ Debian Security Advisory DSA-1823-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst
June 25, 2009 http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package : samba
Vulnerability : several
Problem type : local (remote)
Debian-specific: no
CVE Id(s) : CVE-2009-1886 CVE-2009-1888

Several vulnerabilities have been discovered in Samba, a SMB/CIFS file,
print, and login server. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2009-1886

The smbclient utility contains a formatstring vulnerability where
commands dealing with file names treat user input as format strings
to asprintf.

CVE-2009-1888

In the smbd daemon, if a user is trying to modify an access control
list (ACL) and is denied permission, this deny may be overridden if
the parameter "dos filemode" is set to "yes" in the smb.conf and the
user already has write access to the file.

The old stable distribution (etch) is not affected by these problems.

For the stable distribution (lenny), these problems have been fixed in
version 3.2.5-4lenny6.

The unstable distribution (sid), which is only affected by CVE-2009-1888,
will be fixed soon.

We recommend that you upgrade your samba package.

Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 5.0 alias lenny
- --------------------------------

Source archives:

http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5.orig.tar.gz
Size/MD5 checksum: 50276407 0f7539e09803ae60a2912e70adf1c747
http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny6.dsc
Size/MD5 checksum: 2129 db28861cc892f2d668f1bfab3cb6c3c7
http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny6.diff.gz
Size/MD5 checksum: 230084 d852787acdea471c6360411043ca5e2d

Architecture independent packages:

http://security.debian.org/pool/updates/main/s/samba/samba-doc_3.2.5-4lenny6_all.deb
Size/MD5 checksum: 7952816 bd2754bfb3b0ddcedab4981f12e7dc48
http://security.debian.org/pool/updates/main/s/samba/samba-doc-pdf_3.2.5-4lenny6_all.deb
Size/MD5 checksum: 6252144 db04f0a55b0bbb6955a3ba832ca5857a

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny6_alpha.deb
Size/MD5 checksum: 637434 f7ad1cd7fbea3fa8e96dca5d5d0bea89
http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny6_alpha.deb
Size/MD5 checksum: 5729860 b1539b6bbd17875e807eaf43ab08afa7
http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny6_alpha.deb
Size/MD5 checksum: 3273732 7aa5ee1eb1f248e070783226aedfeafb
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny6_alpha.deb
Size/MD5 checksum: 1945070 69739418fd22e38b89e092d0ce675b10
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny6_alpha.deb
Size/MD5 checksum: 3735958 370be95e60a9dab92622b4c20ddac73e
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny6_alpha.deb
Size/MD5 checksum: 1461494 fe735e7d26cbcb180ab7ec294f687542
http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny6_alpha.deb
Size/MD5 checksum: 81336 f196a258751e9e460968980f6c0f0adf
http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny6_alpha.deb
Size/MD5 checksum: 4829906 c80836141dc2957cbb89d3e03ebb6eb3
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny6_alpha.deb
Size/MD5 checksum: 6952908 bb8318576e63be9ba0deb142c40f4931
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny6_alpha.deb
Size/MD5 checksum: 2572478 8288895fedee4af735bd2cc246e5e14e
http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny6_alpha.deb
Size/MD5 checksum: 1078250 7078de90bd6987f40902218b5f21ebad
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny6_alpha.deb
Size/MD5 checksum: 1333128 6d86a0a6efd05a74358982a927487400

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny6_amd64.deb
Size/MD5 checksum: 1082526 1216bc7530570a8952cec672bbf4d545
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny6_amd64.deb
Size/MD5 checksum: 7004108 88e0b32dbb34a77838e7c4d77bfa3344
http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny6_amd64.deb
Size/MD5 checksum: 5647540 4a89061ec0beb98542451f0a38a0ee36
http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny6_amd64.deb
Size/MD5 checksum: 4775304 a62bff040c466df7902475a6051b0ce0
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny6_amd64.deb
Size/MD5 checksum: 1358734 8a0dab5075cc8968fc28a94c460a1489
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny6_amd64.deb
Size/MD5 checksum: 627654 c90bc8775c907462f1b2be314cce54b0
http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny6_amd64.deb
Size/MD5 checksum: 80314 7a879cdabf79883eccc66955092b9161
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny6_amd64.deb
Size/MD5 checksum: 1995414 a58fda29c17854fe339cdb6292ea305a
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny6_amd64.deb
Size/MD5 checksum: 1493214 041b86c0219270b975732ae041ee2615
http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny6_amd64.deb
Size/MD5 checksum: 3277188 623bbf4f69d3353b934663908543ddaf
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny6_amd64.deb
Size/MD5 checksum: 3727478 4cd1814846a7aafd990d40bfca784955

[continued in next message]

--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)

Who's Online
Recent Visitors
- Ab Cadd
  Sat Jun 6 15:42:53 2026
  from Sheboygan, Wi via Telnet
- Centurion
  Sat Jun 6 15:32:28 2026
  from Berea, Ohio via Telnet
- Krenn
  Sat Jun 6 11:38:56 2026
  from Sydney, Nsw via Telnet
- Furryboy
  Sat Jun 6 10:56:29 2026
  from Romania, Galati via SSH
- Centurion
  Fri Jun 5 22:28:01 2026
  from Berea, Ohio via Telnet
- Ab Cadd
  Fri Jun 5 17:52:51 2026
  from Sheboygan, Wi via Telnet
- Gwylbert
  Fri Jun 5 06:28:52 2026
  from Sydney, Nsw via Telnet
- Centurion
  Thu Jun 4 23:42:23 2026
  from Berea, Ohio via Telnet

System Info

Sysop:	Keyop
Location:	Huddersfield, West Yorkshire, UK
Users:	715
Nodes:	16 (2 / 14)
Uptime:	146:57:18
Calls:	12,091
Calls today:	4
Files:	15,000
Messages:	6,517,518

[SECURITY] [DSA 1823-1] New samba packages fix several vulnerabilities

Who's Online

Recent Visitors

System Info