ðòïåëôù 


  áòèé÷ 


Apache-Talk @lexa.ru 

Inet-Admins @info.east.ru 

Filmscanners @halftone.co.uk 

Security-alerts @yandex-team.ru 

nginx-ru @sysoev.ru 

  óôáôøé 


  ðåòóïîáìøîïå 


  ðòïçòáííù 



ðéûéôå
ðéóøíá












     áòèé÷ :: Inet-Admins
Inet-Admins mailing list archive (inet-admins@info.east.ru)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[inet-admins] Cert Advisory: security hole allows unauthorized remote users to obtain root access on the Samba server



- -----BEGIN PGP SIGNED MESSAGE-----

            IMPORTANT: Security bugfix for Samba - all versions
            ---------------------------------------------------

A security hole in all versions of Samba has been recently
discovered. The security hole allows unauthorized remote users to
obtain root access on the Samba server.

An exploit for this security hole has been posted to the internet so
system administrators should assume that this hole is being actively
exploited.

The exploit for the security hole is very architecture specific and
has been only demonstrated to work for Samba servers running on Intel
based platforms. The exploit posted to the internet is specific to
Intel Linux servers. It would be very difficult to produce an exploit
for other architectures but it may be possible.

A new release of Samba has now been made that fixes the security
hole. The new release is version 1.9.17p2 and is available from :

ftp://samba.anu.edu.au/pub/samba/samba-1.9.17p2.tar.gz

The md5 checksum of this new version is:

27ac28ccf084268ba5c8c0b3a0ed12e4 b samba-1.9.17p2.tar.gz

This release also adds a routine which logs a message if anyone
attempts to take advantage of the security hole. The message (in the
Samba log files) will look like this:

        ERROR: Invalid password length 999
        your machine may be under attack by a user exploiting an old bug
        Attack was from IP=aaa.bbb.ccc.ddd

where aaa.bbb.ccc.ddd is the IP address of the machine performing the
attack.

The "Samba Survey" containing the current list of Samba users that is
hosted on the Samba Web site has been temporarily suspended to remove
a list of potentially vulnerable sites. All users on this list will
be contacted and encouraged to upgrade.

Any new information will be made available on the Samba WWW site at
http://samba.anu.edu.au/samba

To report bugs and ask questions about the fix please email :
samba-bugs@samba.anu.edu.au.


        The Samba Team
        samba-bugs@samba.anu.edu.au

- -----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAgUBNDHbEGNSlURsK/StAQEvbwP/Z4b56i42IGcHX7FExNJOSCUM2ggjucI6
koqc8sS8xj5ciOsnBBVFf+14C9+tG/hT4/4CJkwLeJ+PeaXWHkGof++Xn0TGACO9
DBzszrZDYLq0fP/4O/W+Ot0AoHjnW7JzNlC2TWyNO4RCFIxq1mmBCo6CY6ksWhNO
v7z4oThyhLE=
=8yla
- -----END PGP SIGNATURE-----


========================FORWARDED TEXT ENDS HERE=============================

If you believe that your system has been compromised, contact the CERT
Coordination Center or your representative in the Forum of Incident Response
and Security Teams (FIRST). See http://www.first.org/team-info/.

We strongly urge you to encrypt any sensitive information you send by email.
The CERT Coordination Center can support a shared DES key and PGP. Contact
the CERT staff for more information.

Location of CERT PGP key
         ftp://ftp.cert.org/pub/CERT_PGP.key


CERT Contact Information
- ------------------------
Email    cert@cert.org

Phone    +1 412-268-7090 (24-hour hotline)
                CERT personnel answer 8:30-5:00 p.m. EST
                (GMT-5)/EDT(GMT-4), and are on call for
                emergencies during other hours.

Fax      +1 412-268-6989

Postal address
        CERT Coordination Center
        Software Engineering Institute
        Carnegie Mellon University
        Pittsburgh PA 15213-3890
        USA

CERT publications, information about FIRST representatives, and other
security-related information are available from
        http://www.cert.org/
        ftp://ftp.cert.org/pub/

CERT advisories and bulletins are also posted on the USENET newsgroup
        comp.security.announce

To be added to our mailing list for CERT advisories and bulletins, send your
email address to
        cert-advisory-request@cert.org
In the subject line, type
        SUBSCRIBE  your-email-address



* Registered U.S. Patent and Trademark Office.

The CERT Coordination Center is part of the Software Engineering
Institute (SEI). The SEI is sponsored by the U. S. Department of Defense.


This file: ftp://ftp.cert.org/pub/cert_bulletins/VB-97.10.samba




-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBNDQXFHVP+x0t4w7BAQEWGgQAyQgCtjadXz8BB209DIm39XK5V1CIAKfp
FV/lsxmYcrQobBTgggyGkYeKpaRrMbgv12H8aQeH35aouoCyYoDSs0XNf7RpA8Qh
WDcQCfqBR+xF6surNhOrfHIA8OBP12zdAxCTpJubtnhP5uRJFGEPH0XvXLBaeJ7k
mnFiW9dURP4=
=yZNb
-----END PGP SIGNATURE-----

Timofei Cherkasov; Baltic Group, MIS.
Phone: +7 (812) 278-84-18; Fax:+7 (812) 278-84-17
RadioPage: 20962 +7 (812) 327-87-47, 293-90-11, 293-90-01
=============================================================================
"inet-admins" Internet access mailing list. Maintained by East Connection ISP.
Mail "unsubscribe inet-admins" to Majordomo@east.ru if you want to quit.
List archive is accessible at http://www.east.ru/inet-admins/



 




Copyright © Lexa Software, 1996-2009.