보안버그로 인한 릴리즈라고 합니다. 자세한 사항은 아래 노트를 참고하시고 samba를 사용하시는분들은 업데이트하시기
바랍니다. http://kr.samba.org/samba/samba.html
--------------------------------------------------------------------------
Security Release - Samba 2.2.7 (20th Nov, 2002) A security hole has been discovered in versions 2.2.2 through
2.2.6 of Samba that could potentially allow an attacker to gain root access on the target machine.
The word "potentially" is used because there is no known exploit of this bug, and the Samba Team has not been able to craft one ourselves. However, the seriousness of the problem warrants this immediate 2.2.7 release. In addition to addressing this security issue, Samba 2.2.7 also includes thirteen unrelated improvements. These improvements result from our process of continuous quality assurance and code review, and are part of the Samba team's commitment to excellence. The source code can be downloaded from : http://download.samba.org/samba/ftp/ All current source releases have been signed as well using the Samba Distribution Key Binary packages for major platforms can be found at http://download.samba.org/samba/ftp/Binary_Packages/ The release notes follow. As always, all bugs are our responsibility.
--Enjoy The Samba Team WHAT'S NEW IN Samba 2.2.7 - 20th November 2002
==============================================
This is the latest stable release of Samba. This is the version that all production Samba servers should be running for all current bug-fixes.
IMPORTANT: Security bugfix for Samba
------------------------------------ Summary -------
A security hole has been discovered in versions 2.2.2 through 2.2.6 of Samba that could potentially allow an attacker to gain root access on the target machine. The word "potentially" is used because there is no known exploit of this bug, and the Samba Team has not been able to craft one ourselves. However, the seriousness of the problem warrants this immediate 2.2.7 release. In addition to addressing this security issue, Samba 2.2.7 also includes thirteen unrelated improvements. These improvements result from our process of continuous quality assurance and code review, and are part of the Samba team's commitment to excellence.
Details ------- There was a bug in the length checking for encrypted password change requests from clients. A client could potentially send an encrypted password, which, when decrypted with the old hashed password could be used as a buffer overrun attack on the stack of smbd. The attach would have to be crafted such that converting a DOS codepage string to little endian UCS2 unicode would translate into an executable block of code. All versions of Samba between 2.2.2 to 2.2.6 inclusive are vulnerable to this problem. This version of Samba 2.2.7 contains a fix for this problem. Earlier versions of Samba are not vulnerable. There is no known exploit or exploit code for this vulnerability, it was discovered by a code audit by Debian Samba maintainers.
Credit ------ Thanks to Steve Langasek and Eloy Paris for bringing this vulnerability to our notice. Patch for Samba versions 2.2.2 to 2.2.6
---------------------------------------
The following patch applies cleanly to the above Samba versions and will fix the vulnerability for sites that do not wish to upgrade to 2.2.7 at this time.
-------------------------------cut here---------------------------------
--- libsmb/smbencrypt.c.orig Tue Nov 19 17:21:57 2002 +++ libsmb/smbencrypt.c Tue Nov 19 17:22:12 2002 @@ -63,7 +63,7 @@ if(len > 128) len = 128; /* Password must be converted to NT unicode - null terminated. */ - dos_struni2((char *)wpwd, (const char *)passwd, 256); + dos_struni2((char *)wpwd, (const char *)passwd, len); /* Calculate length in bytes */ len = strlen_w((const smb_ucs2_t *)wpwd) * sizeof(int16);
-------------------------------cut here---------------------------------
http://mirror.korea.co.kr/samba/ftp/Binary_Packages/
관련 링크: http://www.samba.org
바랍니다. http://kr.samba.org/samba/samba.html
--------------------------------------------------------------------------
Security Release - Samba 2.2.7 (20th Nov, 2002) A security hole has been discovered in versions 2.2.2 through
2.2.6 of Samba that could potentially allow an attacker to gain root access on the target machine.
The word "potentially" is used because there is no known exploit of this bug, and the Samba Team has not been able to craft one ourselves. However, the seriousness of the problem warrants this immediate 2.2.7 release. In addition to addressing this security issue, Samba 2.2.7 also includes thirteen unrelated improvements. These improvements result from our process of continuous quality assurance and code review, and are part of the Samba team's commitment to excellence. The source code can be downloaded from : http://download.samba.org/samba/ftp/ All current source releases have been signed as well using the Samba Distribution Key Binary packages for major platforms can be found at http://download.samba.org/samba/ftp/Binary_Packages/ The release notes follow. As always, all bugs are our responsibility.
--Enjoy The Samba Team WHAT'S NEW IN Samba 2.2.7 - 20th November 2002
==============================================
This is the latest stable release of Samba. This is the version that all production Samba servers should be running for all current bug-fixes.
IMPORTANT: Security bugfix for Samba
------------------------------------ Summary -------
A security hole has been discovered in versions 2.2.2 through 2.2.6 of Samba that could potentially allow an attacker to gain root access on the target machine. The word "potentially" is used because there is no known exploit of this bug, and the Samba Team has not been able to craft one ourselves. However, the seriousness of the problem warrants this immediate 2.2.7 release. In addition to addressing this security issue, Samba 2.2.7 also includes thirteen unrelated improvements. These improvements result from our process of continuous quality assurance and code review, and are part of the Samba team's commitment to excellence.
Details ------- There was a bug in the length checking for encrypted password change requests from clients. A client could potentially send an encrypted password, which, when decrypted with the old hashed password could be used as a buffer overrun attack on the stack of smbd. The attach would have to be crafted such that converting a DOS codepage string to little endian UCS2 unicode would translate into an executable block of code. All versions of Samba between 2.2.2 to 2.2.6 inclusive are vulnerable to this problem. This version of Samba 2.2.7 contains a fix for this problem. Earlier versions of Samba are not vulnerable. There is no known exploit or exploit code for this vulnerability, it was discovered by a code audit by Debian Samba maintainers.
Credit ------ Thanks to Steve Langasek and Eloy Paris for bringing this vulnerability to our notice. Patch for Samba versions 2.2.2 to 2.2.6
---------------------------------------
The following patch applies cleanly to the above Samba versions and will fix the vulnerability for sites that do not wish to upgrade to 2.2.7 at this time.
-------------------------------cut here---------------------------------
--- libsmb/smbencrypt.c.orig Tue Nov 19 17:21:57 2002 +++ libsmb/smbencrypt.c Tue Nov 19 17:22:12 2002 @@ -63,7 +63,7 @@ if(len > 128) len = 128; /* Password must be converted to NT unicode - null terminated. */ - dos_struni2((char *)wpwd, (const char *)passwd, 256); + dos_struni2((char *)wpwd, (const char *)passwd, len); /* Calculate length in bytes */ len = strlen_w((const smb_ucs2_t *)wpwd) * sizeof(int16);
-------------------------------cut here---------------------------------
http://mirror.korea.co.kr/samba/ftp/Binary_Packages/
관련 링크: http://www.samba.org
'News' 카테고리의 다른 글
| JSBoard 2.0.4 Release (0) | 2002.12.25 |
|---|---|
| proftpd v1.2.7 1-[kr 버전 :)] (0) | 2002.12.08 |
| JSBoard 2.0.2 Release (1) | 2002.11.18 |
| Samba 2.2.6 release (0) | 2002.10.29 |
| chkrootkit 0.37 release (0) | 2002.10.14 |