Security Advisory Critical: samba security update

Advisory: RHSA-2007:1117-3
Type: Security Advisory
Severity: Critical
Issued on: 2007-12-10
Last updated on: 2007-12-10
Affected Products: Red Hat Enterprise Linux AS (v. 4.5.z)
Red Hat Enterprise Linux ES (v. 4.5.z)
OVAL: N/A
CVEs (cve.mitre.org): CVE-2007-6015

Details

Updated samba packages that fix a security issue are now available for Red
Hat Enterprise Linux 4.5 Extended Update Support.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

Samba is a suite of programs used by machines to share files, printers, and
other information.

A stack buffer overflow flaw was found in the way Samba authenticates
remote users. A remote unauthenticated user could trigger this flaw to
cause the Samba server to crash, or execute arbitrary code with the
permissions of the Samba server. (CVE-2007-6015)

Red Hat would like to thank Alin Rad Pop of Secunia Research for
responsibly disclosing this issue.

Users of Samba are advised to upgrade to these updated packages, which
contain a backported patch to resolve this issue.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

Red Hat Enterprise Linux AS (v. 4.5.z)

SRPMS:
samba-3.0.10-2.el4_5.2.src.rpm
File outdated by:  RHSA-2008:0289
 
IA-32:
samba-3.0.10-2.el4_5.2.i386.rpm
File outdated by:  RHSA-2008:0289
samba-client-3.0.10-2.el4_5.2.i386.rpm
File outdated by:  RHSA-2008:0289
samba-common-3.0.10-2.el4_5.2.i386.rpm
File outdated by:  RHSA-2008:0289
samba-swat-3.0.10-2.el4_5.2.i386.rpm
File outdated by:  RHSA-2008:0289
 
IA-64:
samba-3.0.10-2.el4_5.2.ia64.rpm
File outdated by:  RHSA-2008:0289
samba-client-3.0.10-2.el4_5.2.ia64.rpm
File outdated by:  RHSA-2008:0289
samba-common-3.0.10-2.el4_5.2.i386.rpm
File outdated by:  RHSA-2008:0289
samba-common-3.0.10-2.el4_5.2.ia64.rpm
File outdated by:  RHSA-2008:0289
samba-swat-3.0.10-2.el4_5.2.ia64.rpm
File outdated by:  RHSA-2008:0289
 
PPC:
samba-3.0.10-2.el4_5.2.ppc.rpm
File outdated by:  RHSA-2008:0289
samba-client-3.0.10-2.el4_5.2.ppc.rpm
File outdated by:  RHSA-2008:0289
samba-common-3.0.10-2.el4_5.2.ppc.rpm
File outdated by:  RHSA-2008:0289
samba-common-3.0.10-2.el4_5.2.ppc64.rpm
File outdated by:  RHSA-2008:0289
samba-swat-3.0.10-2.el4_5.2.ppc.rpm
File outdated by:  RHSA-2008:0289
 
s390:
samba-3.0.10-2.el4_5.2.s390.rpm
File outdated by:  RHSA-2008:0289
samba-client-3.0.10-2.el4_5.2.s390.rpm
File outdated by:  RHSA-2008:0289
samba-common-3.0.10-2.el4_5.2.s390.rpm
File outdated by:  RHSA-2008:0289
samba-swat-3.0.10-2.el4_5.2.s390.rpm
File outdated by:  RHSA-2008:0289
 
s390x:
samba-3.0.10-2.el4_5.2.s390x.rpm
File outdated by:  RHSA-2008:0289
samba-client-3.0.10-2.el4_5.2.s390x.rpm
File outdated by:  RHSA-2008:0289
samba-common-3.0.10-2.el4_5.2.s390.rpm
File outdated by:  RHSA-2008:0289
samba-common-3.0.10-2.el4_5.2.s390x.rpm
File outdated by:  RHSA-2008:0289
samba-swat-3.0.10-2.el4_5.2.s390x.rpm
File outdated by:  RHSA-2008:0289
 
x86_64:
samba-3.0.10-2.el4_5.2.x86_64.rpm
File outdated by:  RHSA-2008:0289
samba-client-3.0.10-2.el4_5.2.x86_64.rpm
File outdated by:  RHSA-2008:0289
samba-common-3.0.10-2.el4_5.2.i386.rpm
File outdated by:  RHSA-2008:0289
samba-common-3.0.10-2.el4_5.2.x86_64.rpm
File outdated by:  RHSA-2008:0289
samba-swat-3.0.10-2.el4_5.2.x86_64.rpm
File outdated by:  RHSA-2008:0289
 
Red Hat Enterprise Linux ES (v. 4.5.z)

SRPMS:
samba-3.0.10-2.el4_5.2.src.rpm
File outdated by:  RHSA-2008:0289
 
IA-32:
samba-3.0.10-2.el4_5.2.i386.rpm
File outdated by:  RHSA-2008:0289
samba-client-3.0.10-2.el4_5.2.i386.rpm
File outdated by:  RHSA-2008:0289
samba-common-3.0.10-2.el4_5.2.i386.rpm
File outdated by:  RHSA-2008:0289
samba-swat-3.0.10-2.el4_5.2.i386.rpm
File outdated by:  RHSA-2008:0289
 
IA-64:
samba-3.0.10-2.el4_5.2.ia64.rpm
File outdated by:  RHSA-2008:0289
samba-client-3.0.10-2.el4_5.2.ia64.rpm
File outdated by:  RHSA-2008:0289
samba-common-3.0.10-2.el4_5.2.i386.rpm
File outdated by:  RHSA-2008:0289
samba-common-3.0.10-2.el4_5.2.ia64.rpm
File outdated by:  RHSA-2008:0289
samba-swat-3.0.10-2.el4_5.2.ia64.rpm
File outdated by:  RHSA-2008:0289
 
x86_64:
samba-3.0.10-2.el4_5.2.x86_64.rpm
File outdated by:  RHSA-2008:0289
samba-client-3.0.10-2.el4_5.2.x86_64.rpm
File outdated by:  RHSA-2008:0289
samba-common-3.0.10-2.el4_5.2.i386.rpm
File outdated by:  RHSA-2008:0289
samba-common-3.0.10-2.el4_5.2.x86_64.rpm
File outdated by:  RHSA-2008:0289
samba-swat-3.0.10-2.el4_5.2.x86_64.rpm
File outdated by:  RHSA-2008:0289
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

396401 - CVE-2007-6015 samba: send_mailslot() buffer overflow


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/