Security Advisory Critical: samba security update

Advisory: RHSA-2007:1034-2
Type: Security Advisory
Severity: Critical
Issued on: 2007-11-15
Last updated on: 2007-11-15
Affected Products: Red Hat Enterprise Linux AS (v. 4.5.z)
Red Hat Enterprise Linux ES (v. 4.5.z)
CVEs (cve.mitre.org): CVE-2007-5398

Details

Updated samba packages that fix a security issue are now available for Red
Hat Enterprise Linux 4.5 Extended Update Support.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

Samba is a suite of programs used by machines to share files, printers, and
other information.

A buffer overflow flaw was found in the way Samba creates NetBIOS replies.
If a Samba server is configured to run as a WINS server, a remote
unauthenticated user could cause the Samba server to crash, or execute
arbitrary code. (CVE-2007-5398)

Red Hat would like to thank Alin Rad Pop of Secunia Research for
responsibly disclosing this issue.

Users of Samba should upgrade to these updated packages, which contain a
backported patch to correct this issue.
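
To help prioritise hosts, the following added example (not part of the original advisory and not Red Hat or Samba code) checks whether a Samba configuration file enables the WINS server role that the flaw depends on. It assumes the role is switched on by the "wins support" parameter in the [global] section; the function name and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Red Hat or Samba code). Exit status 0 means the file
# enables the WINS server role, the precondition named in the advisory.
wins_support_enabled() {
    awk '
        BEGIN { in_global = 1 }   # assumption: lines before any header count as global
        /^[ \t]*([#;]|$)/ { next }                   # comments and blank lines
        /^[ \t]*\[/ {                                # section header
            s = tolower($0); gsub(/[ \t]/, "", s)
            in_global = (index(s, "[global]") == 1)
            next
        }
        in_global && index($0, "=") > 0 {
            eq = index($0, "=")
            name = tolower(substr($0, 1, eq - 1))
            gsub(/[ \t]/, "", name)                  # names ignore case and spaces
            val = tolower(substr($0, eq + 1))
            gsub(/^[ \t]+/, "", val); gsub(/[ \t\r]+$/, "", val)
            if (name == "winssupport")               # a later assignment overrides
                on = (val == "yes" || val == "true" || val == "1" || val == "on")
        }
        END { exit (on ? 0 : 1) }
    ' "$1"
}

# Constructed sample configuration, for illustration only.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[global]
   workgroup = EXAMPLE
   ; wins support = no
   WINS Support = Yes
[share]
   path = /srv/share
EOF
if wins_support_enabled "$sample"; then
    echo "WINS server role enabled: apply the updated samba packages first"
else
    echo "WINS server role not enabled in [global]"
fi
rm -f "$sample"
```

On a real host, pass the active configuration file, typically /etc/samba/smb.conf on Red Hat Enterprise Linux.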


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

Red Hat Enterprise Linux AS (v. 4.5.z)

SRPMS:
samba-3.0.10-2.el4_5.1.src.rpm
File outdated by:  RHSA-2008:0289
    MD5: cbb9d1560763f0b774e28dd815ef1a4c
 
IA-32:
samba-3.0.10-2.el4_5.1.i386.rpm
File outdated by:  RHSA-2008:0289
    MD5: 392db2d46fa8bb0ee763b1bfc91616f0
samba-client-3.0.10-2.el4_5.1.i386.rpm
File outdated by:  RHSA-2008:0289
    MD5: bd9e338dedaf28cad8956387020e032b
samba-common-3.0.10-2.el4_5.1.i386.rpm
File outdated by:  RHSA-2008:0289
    MD5: 805d3fab0d4994b17d2d5caf778d9011
samba-swat-3.0.10-2.el4_5.1.i386.rpm
File outdated by:  RHSA-2008:0289
    MD5: 470985c7c6e7fe54d173a0f55f9b778c
 
IA-64:
samba-3.0.10-2.el4_5.1.ia64.rpm
File outdated by:  RHSA-2008:0289
    MD5: 084f259ad003c35a9a35d354a86ebb82
samba-client-3.0.10-2.el4_5.1.ia64.rpm
File outdated by:  RHSA-2008:0289
    MD5: 3a3776d12663fb26c7c51cc6070d3849
samba-common-3.0.10-2.el4_5.1.i386.rpm
File outdated by:  RHSA-2008:0289
    MD5: 805d3fab0d4994b17d2d5caf778d9011
samba-common-3.0.10-2.el4_5.1.ia64.rpm
File outdated by:  RHSA-2008:0289
    MD5: 0f92b8aaab51704621d8098877fb69f5
samba-swat-3.0.10-2.el4_5.1.ia64.rpm
File outdated by:  RHSA-2008:0289
    MD5: 536ff70d101ac80744f2dece8aaf7502
 
PPC:
samba-3.0.10-2.el4_5.1.ppc.rpm
File outdated by:  RHSA-2008:0289
    MD5: bd6b23b6bfacb4c65e5b935b5a3cbfa9
samba-client-3.0.10-2.el4_5.1.ppc.rpm
File outdated by:  RHSA-2008:0289
    MD5: 2d8865cab085a6243b8c7cf0d8b4890b
samba-common-3.0.10-2.el4_5.1.ppc.rpm
File outdated by:  RHSA-2008:0289
    MD5: a14b5a3c592d721dc8e9748a88ef5056
samba-common-3.0.10-2.el4_5.1.ppc64.rpm
File outdated by:  RHSA-2008:0289
    MD5: 2f19d12b1f6b776f6c294409c03519e6
samba-swat-3.0.10-2.el4_5.1.ppc.rpm
File outdated by:  RHSA-2008:0289
    MD5: 1d9ddecfa4be50f41fb63aa576bfa8b7
 
s390:
samba-3.0.10-2.el4_5.1.s390.rpm
File outdated by:  RHSA-2008:0289
    MD5: a1b0ac998048bfb187b655720a3e03f9
samba-client-3.0.10-2.el4_5.1.s390.rpm
File outdated by:  RHSA-2008:0289
    MD5: 91e00cf1f3fa3ca3dbecb2d4a8bb4e26
samba-common-3.0.10-2.el4_5.1.s390.rpm
File outdated by:  RHSA-2008:0289
    MD5: 5d323fd8b0c0596bda98059080296387
samba-swat-3.0.10-2.el4_5.1.s390.rpm
File outdated by:  RHSA-2008:0289
    MD5: 5a9b798d261572a75ac6a7bae6300a82
 
s390x:
samba-3.0.10-2.el4_5.1.s390x.rpm
File outdated by:  RHSA-2008:0289
    MD5: 1f10cff63fe9d8425297c2d65e2a18d9
samba-client-3.0.10-2.el4_5.1.s390x.rpm
File outdated by:  RHSA-2008:0289
    MD5: 123a72fdadab559fd16bcf4ca392f543
samba-common-3.0.10-2.el4_5.1.s390.rpm
File outdated by:  RHSA-2008:0289
    MD5: 5d323fd8b0c0596bda98059080296387
samba-common-3.0.10-2.el4_5.1.s390x.rpm
File outdated by:  RHSA-2008:0289
    MD5: 9e1fe58e6d925b9b83ade03b225170d1
samba-swat-3.0.10-2.el4_5.1.s390x.rpm
File outdated by:  RHSA-2008:0289
    MD5: c444168ae5eca9bf5ab30b413c074965
 
x86_64:
samba-3.0.10-2.el4_5.1.x86_64.rpm
File outdated by:  RHSA-2008:0289
    MD5: 4e02f7b7abeb1c330e6dcc3ee483d746
samba-client-3.0.10-2.el4_5.1.x86_64.rpm
File outdated by:  RHSA-2008:0289
    MD5: 086158235de9b5258a6878d9322afc8f
samba-common-3.0.10-2.el4_5.1.i386.rpm
File outdated by:  RHSA-2008:0289
    MD5: 805d3fab0d4994b17d2d5caf778d9011
samba-common-3.0.10-2.el4_5.1.x86_64.rpm
File outdated by:  RHSA-2008:0289
    MD5: 292a06a7a1e70e64acf664a7270758ad
samba-swat-3.0.10-2.el4_5.1.x86_64.rpm
File outdated by:  RHSA-2008:0289
    MD5: c4271ff36377f8d79a9b17bf7c7633f2
 
Red Hat Enterprise Linux ES (v. 4.5.z)

SRPMS:
samba-3.0.10-2.el4_5.1.src.rpm
File outdated by:  RHSA-2008:0289
    MD5: cbb9d1560763f0b774e28dd815ef1a4c
 
IA-32:
samba-3.0.10-2.el4_5.1.i386.rpm
File outdated by:  RHSA-2008:0289
    MD5: 392db2d46fa8bb0ee763b1bfc91616f0
samba-client-3.0.10-2.el4_5.1.i386.rpm
File outdated by:  RHSA-2008:0289
    MD5: bd9e338dedaf28cad8956387020e032b
samba-common-3.0.10-2.el4_5.1.i386.rpm
File outdated by:  RHSA-2008:0289
    MD5: 805d3fab0d4994b17d2d5caf778d9011
samba-swat-3.0.10-2.el4_5.1.i386.rpm
File outdated by:  RHSA-2008:0289
    MD5: 470985c7c6e7fe54d173a0f55f9b778c
 
IA-64:
samba-3.0.10-2.el4_5.1.ia64.rpm
File outdated by:  RHSA-2008:0289
    MD5: 084f259ad003c35a9a35d354a86ebb82
samba-client-3.0.10-2.el4_5.1.ia64.rpm
File outdated by:  RHSA-2008:0289
    MD5: 3a3776d12663fb26c7c51cc6070d3849
samba-common-3.0.10-2.el4_5.1.i386.rpm
File outdated by:  RHSA-2008:0289
    MD5: 805d3fab0d4994b17d2d5caf778d9011
samba-common-3.0.10-2.el4_5.1.ia64.rpm
File outdated by:  RHSA-2008:0289
    MD5: 0f92b8aaab51704621d8098877fb69f5
samba-swat-3.0.10-2.el4_5.1.ia64.rpm
File outdated by:  RHSA-2008:0289
    MD5: 536ff70d101ac80744f2dece8aaf7502
 
x86_64:
samba-3.0.10-2.el4_5.1.x86_64.rpm
File outdated by:  RHSA-2008:0289
    MD5: 4e02f7b7abeb1c330e6dcc3ee483d746
samba-client-3.0.10-2.el4_5.1.x86_64.rpm
File outdated by:  RHSA-2008:0289
    MD5: 086158235de9b5258a6878d9322afc8f
samba-common-3.0.10-2.el4_5.1.i386.rpm
File outdated by:  RHSA-2008:0289
    MD5: 805d3fab0d4994b17d2d5caf778d9011
samba-common-3.0.10-2.el4_5.1.x86_64.rpm
File outdated by:  RHSA-2008:0289
    MD5: 292a06a7a1e70e64acf664a7270758ad
samba-swat-3.0.10-2.el4_5.1.x86_64.rpm
File outdated by:  RHSA-2008:0289
    MD5: c4271ff36377f8d79a9b17bf7c7633f2
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

358831 - CVE-2007-5398 Samba "reply_netbios_packet()" Buffer Overflow Vulnerability


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/