
Release Announcements
=====================

Samba 3.5.10, 3.4.14 and 3.3.16 are security releases in order to address CVE-2011-2522
(Cross-Site Request Forgery in SWAT) and CVE-2011-2694 (Cross-Site Scripting vulnerability in SWAT).

o  CVE-2011-2522:
   The Samba Web Administration Tool (SWAT) in Samba versions 3.0.x to 3.5.9 is affected by a
   cross-site request forgery.

o  CVE-2011-2694:
   The Samba Web Administration Tool (SWAT) in Samba versions 3.0.x to 3.5.9 is affected by a
   cross-site scripting vulnerability.

Please note that SWAT must be enabled in order for these vulnerabilities to be exploitable. By default,
SWAT is *not* enabled on a Samba install.

Changes
-------

   * BUG 8289: SWAT contains a cross-site scripting vulnerability.
   * BUG 8290: CSRF vulnerability in SWAT.

================
Download Details
================

The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA).
The source code can be downloaded from:

        http://download.samba.org/samba/ftp/stable

The release notes are available online at:

        http://www.samba.org/samba/history/samba-3.5.10.html
        http://www.samba.org/samba/history/samba-3.4.14.html
        http://www.samba.org/samba/history/samba-3.3.16.html

Binary packages will be made available on a volunteer basis from

        http://download.samba.org/samba/ftp/Binary_Packages/

Samba 3.6.0rc3 Available for Download

Release Announcements
---------------------

This is the third release candidate of Samba 3.6.0. This is *not* intended for production environments and
is designed for testing purposes only. Please report any defects via the Samba bug reporting system at
https://bugzilla.samba.org/.

Major enhancements in Samba 3.6.0 include:

Changed security defaults
-------------------------

Samba 3.6 has adopted a number of improved security defaults that will impact on existing users of Samba.

    client ntlmv2 auth = yes
    client use spnego principal = no
    send spnego principal = no

.
.
.
.
.

SMB2 support
------------

Internal Winbind passdb changes
-------------------------------

Winbind has been changed to use the internal samr and lsa rpc pipe to get local user and group
information instead of calling passdb functions. The reason is to use more of our infrastructure and
test this infrastructure by using it. With this approach more code in Winbind is shared.

New Spoolss code
----------------

ID Mapping Changes
------------------

Endpoint Mapper
---------------

Internal restructuring
----------------------

SMB Traffic Analyzer
--------------------

NFS quota backend on Linux
--------------------------

#######
Changes
#######

smb.conf changes
----------------

   Parameter Name                      Description     Default
   --------------                      -----------     -------

   async smb echo handler              New             No
   client ntlmv2 auth                  Changed Default Yes
   client use spnego principal         New             No
   ctdb locktime warn threshold        New             0
   idmap alloc backend                 Removed
   log writeable files on exit         New             No
   multicast dns register              New             Yes
   ncalrpc dir                         New
   send spnego principal               New             No
   smb2 max credits                    New             128
   smb2 max read                       New             1048576
   smb2 max trans                      New             1048576
   smb2 max write                      New             1048576
   username map cache time             New             0
   winbind max clients                 New             200

The variable substitutions for %i and %I no longer use IPv4 addresses mapped to IPv6, e.g.
'::ffff:192.168.0.1', if the host has IPv6 enabled. Now %i and %I contain just '192.168.0.1'.

   * Fix a valgrind error.

For more details, please refer to the link.

Release Announcements
=====================

Samba 3.5.7, 3.4.12 and 3.3.15 are security releases in order to address CVE-2011-0719.


o  CVE-2011-0719:
   All current released versions of Samba are vulnerable to a denial of service caused by memory corruption.
   Range checks on file descriptors being used in the FD_SET macro were not present allowing stack corruption.
   This can cause the Samba code to crash or to loop attempting to select on a bad file descriptor set.

   A connection to a file share, or a local account is needed to exploit this problem, either authenticated or
   unauthenticated (guest connection).

   Currently we do not believe this flaw is exploitable beyond a crash or causing the code to loop, but on the
   advice of our security reviewers we are releasing fixes in case an exploit is discovered at a later date.

Changes
-------

o   Jeremy Allison
    * BUG 7949: Fix DoS in Winbind and smbd with many file descriptors open.

================
Download Details
================

The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA).
The source code can be downloaded from:

        http://download.samba.org/samba/ftp/

The release notes are available online at:

        http://www.samba.org/samba/ftp/history/samba-3.5.7.html
        http://www.samba.org/samba/ftp/history/samba-3.4.12.html
        http://www.samba.org/samba/ftp/history/samba-3.3.15.html

Binary packages will be made available on a volunteer basis from

        http://download.samba.org/samba/ftp/Binary_Packages/

Related link: http://samba.org/samba/history/security.html

ProFTPD 1.3.3c Release  (0) 2010.12.02



Summary of this vulnerability in versions before 1.3.3

Multiple directory traversal vulnerabilities in the mod_site_misc module in ProFTPD before 1.3.3c allow remote authenticated users to create directories, delete directories, create symlinks, and modify file timestamps via directory traversal sequences in a (1) SITE MKDIR, (2) SITE RMDIR, (3) SITE SYMLINK, or (4) SITE UTIME command.


Changes in 1.3.3c
-----------------

+ Fixed Telnet IAC stack overflow vulnerability (ZDI-CAN-925)
+ Fixed directory traversal bug in mod_site_misc
+ Fixed SQLite authentications using "SQLAuthType Backend"






Related links:
http://proftpd.org/docs/RELEASE_NOTES-1.3.3c
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3867


The change log lists 24 bug fixes, 29 changes and 18 new items.
Naming a few:

* Whitelist rootkit strings (RTKT_FILE_WHITELIST).
   

* Whitelist items not always present (EXISTWHITELIST).

* Whitelist combined pathname and port number (PORT_WHITELIST).

* Added Whirlpool and Ripemd160 hashes to file properties check.

* Support for DragonFly BSD.

* Support for Solaris OS package management.

* The 'suspicious files' check displays each item individually.

* The '--enable' and '--disable' command-line options may now be specified more than once.

* Grsecurity-enabled systems may now run the network 'ports' test.

* Allow test names for the 'unhide' command (UNHIDE_TESTS).

* Rootkit checks added: OS X Togroot and Boonana (Koobface.A) trojan,
  Solaris Wanuk backdoor and worm and Inqtana worm.

* Better support for *BSD commands and OS X.


For more details please see the CHANGELOG at
http://rkhunter.cvs.sourceforge.net/viewvc/*checkout*/rkhunter/rkhunter/files/CHANGELOG


Related link:

http://rkhunter.sourceforge.net/



By Dan Goodin in San Francisco

Researchers have disclosed bugs in Google's Android mobile operating system that allow attackers to surreptitiously install malware on users' handsets.

The most serious of the two flaws was poignantly demonstrated on Wednesday in a proof-of-concept app that was available in the Google-sanctioned Market. Disguised as an expansion for the popular game Angry Birds, it silently installs three additional apps that without warning have access to a phone's contacts, location information and SMS functionality and can transmit their data to a remote server.

It took Google about six hours to pull the bogus app, said Scio Security CTO Jon Oberheide, one of the two researchers to discover and exploit the vulnerability. What will be harder to lock down are the special security tokens the web giant uses to authenticate Android users so they don't have to expose their passwords to third-party services. The proof-of-concept works by exploiting weaknesses in that Android token system.

“It abuses that token to perform the same actions the legitimate Market app would perform, but without asking for permission,” Oberheide told The Register. “Through some of the research, we realized we could use this one specific token for the Android service to bypass the restrictions on the permission system.”


For the full article, see the link below.

http://www.theregister.co.uk/2010/11/10/android_malware_attacks/
