From: Erik Parker <email@example.com>
Subject: Samba-TNG 0.3.1 Security Release (fwd)
Date: Sun, 23 Mar 2003 00:21:03 -0600 (CST)
---------- Forwarded message ----------
Date: Sat, 22 Mar 2003 21:03:11 +0100 (CET)
From: Stephan Lauffer <firstname.lastname@example.org>
Subject: [ANNOUNCE] Samba-TNG 0.3.1 Security Release
Mar 22nd 2003
Today the Samba-TNG team announces a new version of Samba-TNG
with two serious security fixes. We STRONGLY recommend updating
to this release.
Changes to 0.3:
Samba-TNG-0.3.1 is a security and bug-fix version of 0.3
o Security fix of a hole found in Samba by S. Kramer
o Security fix of a hole discovered by Elrond in the
security context management of Samba-TNG.
o Fix some minor bugs in the rpcclient.
Security problem description:
In probably all versions of Samba-TNG prior to 0.3.1 there
were two remote root escalations discovered.
The first hole was discovered in the Samba package by
Sebastian Kramer from SuSE.
MITRE CVE entry CAN-2003-0085
Exploit code for Samba is known to be circulating; it is probably
only a matter of time until exploits are adapted for Samba-TNG.
Peter Samuelson ported the fix from Samba to this release of
The second hole is a bug in the security context management code,
discovered by Elrond from Samba-TNG. We believe that this bug does
not affect the classic Samba, since their implementation of this
functionality is quite different.
If you can get any (including anonymous) connection to TNG,
you can become root on the target. Tcpwrappers (a compile option
in TNG), the smb.conf parameters "allow host" / "deny host", or
firewalls may of course reduce your exposure.
This vulnerability was discovered and fixed internally; we do not
believe there are any public exploits at this time.
We don't know of any workarounds for either of the two problems.
The list of available binary packages will be found at the
download page: http://www.samba-tng.org/download.html
Source via CVS see:
cvs -d :pserver:email@example.com:/home/cvsroot login
When it prompts for a password, use anoncvs
cvs -z3 -d :pserver:firstname.lastname@example.org:/home/cvsroot co -r release-0-3-1 tng
http://www.samba-tng.org/download/tng/samba-tng-0.3.1.tar.gz (3082595 bytes)
Patch file to update from 0.3:
http://www.samba-tng.org/download/tng/samba-tng-0.3-0.3.1.diff.gz (11399 bytes)