Security Advisory: New Samba packages available for Red Hat Linux 5.2, 6.2, 7 and 7.1

Advisory: RHSA-2001:086-09
Type: Security Advisory
Severity: N/A
Issued on: 2001-06-23
Last updated on: 2001-10-05
Affected Products: Red Hat Linux 6.2, Red Hat Linux 7.0, Red Hat Linux 7.1
CVEs (cve.mitre.org): CVE-2001-1162

Details

New Samba packages are available for Red Hat Linux 5.2, 6.2, 7, and 7.1.
These packages fix a security problem with remote clients giving special
NetBIOS names to the server.

It is recommended that all Samba users upgrade to the fixed packages.
Please note that the packages for Red Hat Linux 6.2 require an updated
logrotate package.

UPDATE: The packages for Red Hat Linux 5.2 have been updated. The original
packages detected the availability of syscalls present in kernels newer
than 2.2. Red Hat Linux 5.2 has a 2.0 kernel, and users will experience
various problems when these syscalls are used. This release removes the
detection of these syscalls from the autoconf script.

The Samba configuration used in Red Hat Linux logs operations into
[remotenetbiosname].log. By sending an invalid NetBIOS name, a remote client
could fool Samba into writing its log to unintended and inappropriate
locations. This can be especially dangerous if combined with a symlink
created by a local user.
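
The safeguard this flaw calls for, as an added example (not code from Samba or Red Hat): validate the client-supplied NetBIOS name before it becomes the file name of the per-client log. The function names, the /var/log/samba directory and the deliberately strict character allow-list are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define NETBIOS_NAME_MAX 15   /* a NetBIOS name carries at most 15 name characters */

/* Return 1 if the client-supplied name is safe as a single file name component. */
int netbios_name_is_safe(const char *name)
{
    size_t len = strlen(name);
    if (len == 0 || len > NETBIOS_NAME_MAX)
        return 0;
    if (name[0] == '.')                  /* rejects ".", ".." and dot-files */
        return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)name[i];
        /* assumed allow-list: letters, digits, '-', '_', '.'; excludes '/' and control bytes */
        if (!isalnum(c) && c != '-' && c != '_' && c != '.')
            return 0;
    }
    return 1;
}

/* Build "<log_dir>/<name>.log" in out. Returns 0 on success, -1 if rejected or truncated. */
int build_client_log_path(const char *log_dir, const char *name, char *out, size_t out_len)
{
    if (!netbios_name_is_safe(name))
        return -1;
    int n = snprintf(out, out_len, "%s/%s.log", log_dir, name);
    if (n < 0 || (size_t)n >= out_len)   /* never use a silently truncated path */
        return -1;
    return 0;
}

int main(void)
{
    /* constructed sample names; /var/log/samba is an assumed log directory */
    const char *samples[] = { "WORKSTATION1", "../../tmp/x", "a/b", "", "NAME-LONGER-THAN-15" };
    char path[256];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        if (build_client_log_path("/var/log/samba", samples[i], path, sizeof path) == 0)
            printf("accept %s\n", path);
        else
            printf("reject \"%s\"\n", samples[i]);
    }
    return 0;
}
```

For the symlink case mentioned above, name validation is combined with a log directory writable only by root and with opening the file using O_NOFOLLOW, which refuses a symlink at the final path component.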


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory *only* contains
the desired RPMs.

Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Updated packages

Red Hat Linux 6.2

SRPMS:
samba-2.0.10-0.62.src.rpm
File outdated by:  RHSA-2003:095
    MD5: c6c163dc45803cce27d6c9ac4980b312
 
Alpha:
ftp://updates.redhat.com/rhn/repository/NULL/samba/2.0.10-0.62/alpha/samba-2.0.10-0.62.alpha.rpm
Missing file
    MD5: 346698143be2b970ab7b9a2daa4cb482
ftp://updates.redhat.com/rhn/repository/NULL/samba-client/2.0.10-0.62/alpha/samba-client-2.0.10-0.62.alpha.rpm
Missing file
    MD5: 66ec9df3884ea11dcc9aa65f9c00c0b9
ftp://updates.redhat.com/rhn/repository/NULL/samba-common/2.0.10-0.62/alpha/samba-common-2.0.10-0.62.alpha.rpm
Missing file
    MD5: fd65e0789cf5cb77b1cca71dd5d0cbe6
 
IA-32:
samba-2.0.10-0.62.i386.rpm
File outdated by:  RHSA-2003:095
    MD5: fe5cb3e1c2d85b609a23e8e6b9e18032
samba-client-2.0.10-0.62.i386.rpm
File outdated by:  RHSA-2003:095
    MD5: 592952ec4e6ebba775453790bff9f55c
samba-common-2.0.10-0.62.i386.rpm
File outdated by:  RHSA-2003:095
    MD5: 7aaab8758112c7eea1b9f5f82a618ccb
 
Sparc:
ftp://updates.redhat.com/rhn/repository/NULL/samba/2.0.10-0.62/sparc/samba-2.0.10-0.62.sparc.rpm
Missing file
    MD5: 0abcd0238a18311c26eba967a8256c5b
ftp://updates.redhat.com/rhn/repository/NULL/samba-client/2.0.10-0.62/sparc/samba-client-2.0.10-0.62.sparc.rpm
Missing file
    MD5: e21c51775e7af1aace2b76e0a36f126f
ftp://updates.redhat.com/rhn/repository/NULL/samba-common/2.0.10-0.62/sparc/samba-common-2.0.10-0.62.sparc.rpm
Missing file
    MD5: 513e63a960296b3cbdaac634f5641301
 
Red Hat Linux 7.0

SRPMS:
samba-2.0.10-0.7.src.rpm
File outdated by:  RHSA-2003:095
    MD5: 1db7800a8973a157fe350c4073492a24
 
Alpha:
ftp://updates.redhat.com/rhn/repository/NULL/samba/2.0.10-0.7/alpha/samba-2.0.10-0.7.alpha.rpm
Missing file
    MD5: b23b1930ff12b4b5baed47c6f58ea204
ftp://updates.redhat.com/rhn/repository/NULL/samba-client/2.0.10-0.7/alpha/samba-client-2.0.10-0.7.alpha.rpm
Missing file
    MD5: d3dbd761b1b9aed27e2675bb8b0746df
ftp://updates.redhat.com/rhn/repository/NULL/samba-common/2.0.10-0.7/alpha/samba-common-2.0.10-0.7.alpha.rpm
Missing file
    MD5: 44d4aee596d2a775f2a79e873b93dd54
 
IA-32:
samba-2.0.10-0.7.i386.rpm
File outdated by:  RHSA-2003:095
    MD5: bab37137760e9955f8764a076c67c9ae
samba-client-2.0.10-0.7.i386.rpm
File outdated by:  RHSA-2003:095
    MD5: 826b1e504046b33ea5a979092fa54131
samba-common-2.0.10-0.7.i386.rpm
File outdated by:  RHSA-2003:095
    MD5: 3362bb219401f80c852614ec779d071e
 
Red Hat Linux 7.1

SRPMS:
samba-2.0.10-2.src.rpm
File outdated by:  RHSA-2003:137
    MD5: c2d3bdaec859f09d31bcc14727e59918
 
Alpha:
ftp://updates.redhat.com/rhn/repository/NULL/samba/2.0.10-2/alpha/samba-2.0.10-2.alpha.rpm
Missing file
    MD5: 994f39fc465bb4dae3a94c2e0b608b4a
ftp://updates.redhat.com/rhn/repository/NULL/samba-client/2.0.10-2/alpha/samba-client-2.0.10-2.alpha.rpm
Missing file
    MD5: ca0e8961ccfa6f78ab6e9155b7068b20
ftp://updates.redhat.com/rhn/repository/NULL/samba-common/2.0.10-2/alpha/samba-common-2.0.10-2.alpha.rpm
Missing file
    MD5: ed3b2c72b04581f5345baf85044ff2e1
ftp://updates.redhat.com/rhn/repository/NULL/samba-swat/2.0.10-2/alpha/samba-swat-2.0.10-2.alpha.rpm
Missing file
    MD5: 59510f5d9f8bca09c35d5fa3fbb04553
 
IA-32:
samba-2.0.10-2.i386.rpm
File outdated by:  RHSA-2003:137
    MD5: 988c5e7b554b659827897e52f8d13784
samba-client-2.0.10-2.i386.rpm
File outdated by:  RHSA-2003:137
    MD5: 9d5e0051d258f875236c3a317611f333
samba-common-2.0.10-2.i386.rpm
File outdated by:  RHSA-2003:137
    MD5: 5fe71e403bfd27da1de2325b734d28f8
samba-swat-2.0.10-2.i386.rpm
File outdated by:  RHSA-2003:137
    MD5: dc667f249bd0c9024dcf751e513962f4
 

Bugs fixed (see bugzilla for more information)

45645 - Log settings in configuration file allow system compromise
46109 - Problem with samba after an update


Keywords

/tmp, log, netbios, overwrite, samba


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/