Skip to navigation

Security Advisory Critical: samba security update

Advisory: RHSA-2007:1017-6
Type: Security Advisory
Severity: Critical
Issued on: 2007-11-15
Last updated on: 2007-11-15
Affected Products: Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)
Red Hat Enterprise Linux EUS (v. 5.1.z server)
CVEs (cve.mitre.org): CVE-2007-4138
CVE-2007-4572
CVE-2007-5398

Details

Updated samba packages that fix security issues are now available for Red
Hat Enterprise Linux 5.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

Samba is a suite of programs used by machines to share files, printers, and
other information.

A buffer overflow flaw was found in the way Samba creates NetBIOS replies.
If a Samba server is configured to run as a WINS server, a remote
unauthenticated user could cause the Samba server to crash or execute
arbitrary code. (CVE-2007-5398)

A heap based buffer overflow flaw was found in the way Samba authenticates
users. A remote unauthenticated user could trigger this flaw to cause the
Samba server to crash. Careful analysis of this flaw has determined that
arbitrary code execution is not possible, and under most circumstances will
not result in a crash of the Samba server. (CVE-2007-4572)

A flaw was found in the way Samba assigned group IDs under certain
conditions. If the "winbind nss info" parameter in smb.conf is set to
either "sfu" or "rfc2307", Samba users are incorrectly assigned the group
ID of 0. (CVE-2007-4138)

Red Hat would like to thank Alin Rad Pop of Secunia Research, Rick King,
and the Samba developers for responsibly disclosing these issues.

All Samba users are advised to upgrade to these updated packages, which
contain a backported patch to correct these issues.


Solution

Before applying this update, make sure that all previously-released errata
relevant to your system have been applied. Use Red Hat Network to download
and update your packages. To do so, run the following command (as root):

pup

Alternatively, for a command-line interface, run the following command:

yum update

To register your system to RHN, use the following command:

rhn_register

For information on how to manually install or remove packages, refer to the
following link:

http://kbase.redhat.com/faq/FAQ_80_11223.shtm

Updated packages

Red Hat Enterprise Linux (v. 5 server)

SRPMS:
samba-3.0.25b-1.el5_1.2.src.rpm
File outdated by:  RHSA-2007:1114
    MD5: a614dd8ab1961b7c8a92a170f9bb0036
 
IA-32:
samba-3.0.25b-1.el5_1.2.i386.rpm
File outdated by:  RHSA-2014:0305
    MD5: f582807333fffc7cfda3f048ad61497a
samba-client-3.0.25b-1.el5_1.2.i386.rpm
File outdated by:  RHSA-2014:0305
    MD5: c0c45a2fb546b2c2dd4274a3a88fa234
samba-common-3.0.25b-1.el5_1.2.i386.rpm
File outdated by:  RHSA-2014:0305
    MD5: 56b33f69aebac9bd6654a0ab6ba1a03e
samba-swat-3.0.25b-1.el5_1.2.i386.rpm
File outdated by:  RHSA-2014:0305
    MD5: 5d32128d7fd5545a6684fd8e1e0055e0
 
IA-64:
samba-3.0.25b-1.el5_1.2.ia64.rpm
File outdated by:  RHSA-2014:0305
    MD5: b5c0f25eb34772868f06587ef82f55fc
samba-client-3.0.25b-1.el5_1.2.ia64.rpm
File outdated by:  RHSA-2014:0305
    MD5: 33c027d28143b365aa2be7f1e4bc157f
samba-common-3.0.25b-1.el5_1.2.ia64.rpm
File outdated by:  RHSA-2014:0305
    MD5: 9026a5f1367f3f0bddbecdd9c6e40799
samba-swat-3.0.25b-1.el5_1.2.ia64.rpm
File outdated by:  RHSA-2014:0305
    MD5: e79f8e34a2c8e9f3f3f6b18d2e06aa69
 
PPC:
samba-3.0.25b-1.el5_1.2.ppc.rpm
File outdated by:  RHSA-2014:0305
    MD5: bd4ce92708ef4da5a2b2f6d3d7152e97
samba-client-3.0.25b-1.el5_1.2.ppc.rpm
File outdated by:  RHSA-2014:0305
    MD5: 94b414b78ff56c6f1b03dd60eb2763af
samba-common-3.0.25b-1.el5_1.2.ppc.rpm
File outdated by:  RHSA-2014:0305
    MD5: b499aa2e2743c7599faa9966faa3ba01
samba-common-3.0.25b-1.el5_1.2.ppc64.rpm
File outdated by:  RHSA-2014:0305
    MD5: 19b1d28cd1c92e24dc929c7fc077f7a2
samba-swat-3.0.25b-1.el5_1.2.ppc.rpm
File outdated by:  RHSA-2014:0305
    MD5: 0b83aa72e83102bde6ee6ab6f1b64c5e
 
s390x:
samba-3.0.25b-1.el5_1.2.s390x.rpm
File outdated by:  RHSA-2014:0305
    MD5: fc14df09d7e01a24901161d5579545ed
samba-client-3.0.25b-1.el5_1.2.s390x.rpm
File outdated by:  RHSA-2014:0305
    MD5: d667ac073503416baabae3c862e87eb3
samba-common-3.0.25b-1.el5_1.2.s390.rpm
File outdated by:  RHSA-2014:0305
    MD5: 352f6a60a34508f56884f762d6ad3193
samba-common-3.0.25b-1.el5_1.2.s390x.rpm
File outdated by:  RHSA-2014:0305
    MD5: de3cb0008e9801aa7c7f8d7de7fbd6e2
samba-swat-3.0.25b-1.el5_1.2.s390x.rpm
File outdated by:  RHSA-2014:0305
    MD5: cc836ca1eaf90d2afe6a979d80d0b446
 
x86_64:
samba-3.0.25b-1.el5_1.2.x86_64.rpm
File outdated by:  RHSA-2014:0305
    MD5: 2940397a447ae38809c5661e3c6e9e9f
samba-client-3.0.25b-1.el5_1.2.x86_64.rpm
File outdated by:  RHSA-2014:0305
    MD5: 4bd8bf5a6d39844c291e67af9debef55
samba-common-3.0.25b-1.el5_1.2.i386.rpm
File outdated by:  RHSA-2014:0305
    MD5: 56b33f69aebac9bd6654a0ab6ba1a03e
samba-common-3.0.25b-1.el5_1.2.x86_64.rpm
File outdated by:  RHSA-2014:0305
    MD5: bf460a8a6d2338be4bd83884ca5934a7
samba-swat-3.0.25b-1.el5_1.2.x86_64.rpm
File outdated by:  RHSA-2014:0305
    MD5: 7ffd3a287260c93478549f0bff913297
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
samba-3.0.25b-1.el5_1.2.src.rpm
File outdated by:  RHSA-2007:1114
    MD5: a614dd8ab1961b7c8a92a170f9bb0036
 
IA-32:
samba-3.0.25b-1.el5_1.2.i386.rpm
File outdated by:  RHSA-2014:0305
    MD5: f582807333fffc7cfda3f048ad61497a
samba-client-3.0.25b-1.el5_1.2.i386.rpm
File outdated by:  RHSA-2014:0305
    MD5: c0c45a2fb546b2c2dd4274a3a88fa234
samba-common-3.0.25b-1.el5_1.2.i386.rpm
File outdated by:  RHSA-2014:0305
    MD5: 56b33f69aebac9bd6654a0ab6ba1a03e
samba-swat-3.0.25b-1.el5_1.2.i386.rpm
File outdated by:  RHSA-2014:0305
    MD5: 5d32128d7fd5545a6684fd8e1e0055e0
 
x86_64:
samba-3.0.25b-1.el5_1.2.x86_64.rpm
File outdated by:  RHSA-2014:0305
    MD5: 2940397a447ae38809c5661e3c6e9e9f
samba-client-3.0.25b-1.el5_1.2.x86_64.rpm
File outdated by:  RHSA-2014:0305
    MD5: 4bd8bf5a6d39844c291e67af9debef55
samba-common-3.0.25b-1.el5_1.2.i386.rpm
File outdated by:  RHSA-2014:0305
    MD5: 56b33f69aebac9bd6654a0ab6ba1a03e
samba-common-3.0.25b-1.el5_1.2.x86_64.rpm
File outdated by:  RHSA-2014:0305
    MD5: bf460a8a6d2338be4bd83884ca5934a7
samba-swat-3.0.25b-1.el5_1.2.x86_64.rpm
File outdated by:  RHSA-2014:0305
    MD5: 7ffd3a287260c93478549f0bff913297
 
Red Hat Enterprise Linux EUS (v. 5.1.z server)

SRPMS:
samba-3.0.25b-1.el5_1.2.src.rpm
File outdated by:  RHSA-2007:1114
    MD5: a614dd8ab1961b7c8a92a170f9bb0036
 
IA-32:
samba-3.0.25b-1.el5_1.2.i386.rpm
File outdated by:  RHSA-2007:1114
    MD5: f582807333fffc7cfda3f048ad61497a
samba-client-3.0.25b-1.el5_1.2.i386.rpm
File outdated by:  RHSA-2007:1114
    MD5: c0c45a2fb546b2c2dd4274a3a88fa234
samba-common-3.0.25b-1.el5_1.2.i386.rpm
File outdated by:  RHSA-2007:1114
    MD5: 56b33f69aebac9bd6654a0ab6ba1a03e
samba-swat-3.0.25b-1.el5_1.2.i386.rpm
File outdated by:  RHSA-2007:1114
    MD5: 5d32128d7fd5545a6684fd8e1e0055e0
 
IA-64:
samba-3.0.25b-1.el5_1.2.ia64.rpm
File outdated by:  RHSA-2007:1114
    MD5: b5c0f25eb34772868f06587ef82f55fc
samba-client-3.0.25b-1.el5_1.2.ia64.rpm
File outdated by:  RHSA-2007:1114
    MD5: 33c027d28143b365aa2be7f1e4bc157f
samba-common-3.0.25b-1.el5_1.2.ia64.rpm
File outdated by:  RHSA-2007:1114
    MD5: 9026a5f1367f3f0bddbecdd9c6e40799
samba-swat-3.0.25b-1.el5_1.2.ia64.rpm
File outdated by:  RHSA-2007:1114
    MD5: e79f8e34a2c8e9f3f3f6b18d2e06aa69
 
PPC:
samba-3.0.25b-1.el5_1.2.ppc.rpm
File outdated by:  RHSA-2007:1114
    MD5: bd4ce92708ef4da5a2b2f6d3d7152e97
samba-client-3.0.25b-1.el5_1.2.ppc.rpm
File outdated by:  RHSA-2007:1114
    MD5: 94b414b78ff56c6f1b03dd60eb2763af
samba-common-3.0.25b-1.el5_1.2.ppc.rpm
File outdated by:  RHSA-2007:1114
    MD5: b499aa2e2743c7599faa9966faa3ba01
samba-common-3.0.25b-1.el5_1.2.ppc64.rpm
File outdated by:  RHSA-2007:1114
    MD5: 19b1d28cd1c92e24dc929c7fc077f7a2
samba-swat-3.0.25b-1.el5_1.2.ppc.rpm
File outdated by:  RHSA-2007:1114
    MD5: 0b83aa72e83102bde6ee6ab6f1b64c5e
 
s390x:
samba-3.0.25b-1.el5_1.2.s390x.rpm
File outdated by:  RHSA-2007:1114
    MD5: fc14df09d7e01a24901161d5579545ed
samba-client-3.0.25b-1.el5_1.2.s390x.rpm
File outdated by:  RHSA-2007:1114
    MD5: d667ac073503416baabae3c862e87eb3
samba-common-3.0.25b-1.el5_1.2.s390.rpm
File outdated by:  RHSA-2007:1114
    MD5: 352f6a60a34508f56884f762d6ad3193
samba-common-3.0.25b-1.el5_1.2.s390x.rpm
File outdated by:  RHSA-2007:1114
    MD5: de3cb0008e9801aa7c7f8d7de7fbd6e2
samba-swat-3.0.25b-1.el5_1.2.s390x.rpm
File outdated by:  RHSA-2007:1114
    MD5: cc836ca1eaf90d2afe6a979d80d0b446
 
x86_64:
samba-3.0.25b-1.el5_1.2.x86_64.rpm
File outdated by:  RHSA-2007:1114
    MD5: 2940397a447ae38809c5661e3c6e9e9f
samba-client-3.0.25b-1.el5_1.2.x86_64.rpm
File outdated by:  RHSA-2007:1114
    MD5: 4bd8bf5a6d39844c291e67af9debef55
samba-common-3.0.25b-1.el5_1.2.i386.rpm
File outdated by:  RHSA-2007:1114
    MD5: 56b33f69aebac9bd6654a0ab6ba1a03e
samba-common-3.0.25b-1.el5_1.2.x86_64.rpm
File outdated by:  RHSA-2007:1114
    MD5: bf460a8a6d2338be4bd83884ca5934a7
samba-swat-3.0.25b-1.el5_1.2.x86_64.rpm
File outdated by:  RHSA-2007:1114
    MD5: 7ffd3a287260c93478549f0bff913297
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

286271 - CVE-2007-4138 samba incorrect primary group assignment for domain users using the rfc2307 or sfu winbind nss info plugin
294631 - CVE-2007-4572 samba buffer overflow
358831 - CVE-2007-5398 Samba "reply_netbios_packet()" Buffer Overflow Vulnerability


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/