Security Advisory Critical: samba security update

Advisory: RHSA-2008:0289-5
Type: Security Advisory
Severity: Critical
Issued on: 2008-05-28
Last updated on: 2008-05-28
Affected Products: Red Hat Enterprise Linux AS (v. 4.5.z)
Red Hat Enterprise Linux ES (v. 4.5.z)
CVEs (cve.mitre.org): CVE-2008-1105

Details

Updated samba packages that fix a security issue are now available for Red
Hat Enterprise Linux 4.5 Extended Update Support.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

Samba is a suite of programs used by machines to share files, printers, and
other information.

A heap-based buffer overflow flaw was found in the way Samba clients handle
over-sized packets. If a client connected to a malicious Samba server, it
was possible to execute arbitrary code as the Samba client user. It was
also possible for a remote user to send a specially crafted print request
to a Samba server that could result in the server executing the vulnerable
client code, resulting in arbitrary code execution with the permissions of
the Samba server. (CVE-2008-1105)

Red Hat would like to thank Alin Rad Pop of Secunia Research for
responsibly disclosing this issue.

Users of Samba are advised to upgrade to these updated packages, which
contain a backported patch to resolve this issue.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

Red Hat Enterprise Linux AS (v. 4.5.z)

SRPMS:
samba-3.0.10-2.el4_5.3.src.rpm     MD5: a539bdbe75998ce5daffb22a635d4148
 
IA-32:
samba-3.0.10-2.el4_5.3.i386.rpm     MD5: ee3a72740f5921595fc02479c9271a78
samba-client-3.0.10-2.el4_5.3.i386.rpm     MD5: e7b3ba34f7afe59ff67c1d9808b40ee9
samba-common-3.0.10-2.el4_5.3.i386.rpm     MD5: 56a1a9833cb8be0092f8289f26888774
samba-swat-3.0.10-2.el4_5.3.i386.rpm     MD5: 2408f37ee68ba976ee310ee33d6aea19
 
IA-64:
samba-3.0.10-2.el4_5.3.ia64.rpm     MD5: c2906766903ecb0f8c81f9e3e0891c18
samba-client-3.0.10-2.el4_5.3.ia64.rpm     MD5: 4ad18e27b337122d755fc14e84691ad8
samba-common-3.0.10-2.el4_5.3.i386.rpm     MD5: 56a1a9833cb8be0092f8289f26888774
samba-common-3.0.10-2.el4_5.3.ia64.rpm     MD5: 85bdd73b97f3fe42a81a3ee40616b380
samba-swat-3.0.10-2.el4_5.3.ia64.rpm     MD5: 99d0622b4f354cce114e585245dbdab4
 
PPC:
samba-3.0.10-2.el4_5.3.ppc.rpm     MD5: fe8ab383f773183f0fe4ef31d457bad1
samba-client-3.0.10-2.el4_5.3.ppc.rpm     MD5: 30034383bdd30c8c0121753b6bd8121f
samba-common-3.0.10-2.el4_5.3.ppc.rpm     MD5: aeb978b907abf3008f31bf7122a0e486
samba-common-3.0.10-2.el4_5.3.ppc64.rpm     MD5: 4399f893441c02ee850b3937bba4e4ed
samba-swat-3.0.10-2.el4_5.3.ppc.rpm     MD5: b8ac19ee9195e512c100db4a8223b89c
 
s390:
samba-3.0.10-2.el4_5.3.s390.rpm     MD5: dfb772b36a0413973638ed98a84fd6d9
samba-client-3.0.10-2.el4_5.3.s390.rpm     MD5: 2c4c558c10a56dc29ba94b76f02fb30c
samba-common-3.0.10-2.el4_5.3.s390.rpm     MD5: a8858d8f36e1a31f92a5dd1501bdc71d
samba-swat-3.0.10-2.el4_5.3.s390.rpm     MD5: 1829f96b14c4f60177d2175a1de4b6bf
 
s390x:
samba-3.0.10-2.el4_5.3.s390x.rpm     MD5: 11bc4c1da050899425bc5d143284e64f
samba-client-3.0.10-2.el4_5.3.s390x.rpm     MD5: ed8d76ffad4d705430a4420ae7d04fa9
samba-common-3.0.10-2.el4_5.3.s390.rpm     MD5: a8858d8f36e1a31f92a5dd1501bdc71d
samba-common-3.0.10-2.el4_5.3.s390x.rpm     MD5: 5c2cf394256c3e0bdbe18b7183dbf1a5
samba-swat-3.0.10-2.el4_5.3.s390x.rpm     MD5: 9c02cdc62c640e0412d41ad324ac3498
 
x86_64:
samba-3.0.10-2.el4_5.3.x86_64.rpm     MD5: 4b72fa66884ea459f1340164e8572d0d
samba-client-3.0.10-2.el4_5.3.x86_64.rpm     MD5: 4b3e477fb78750fb7b9c6aa624a4631b
samba-common-3.0.10-2.el4_5.3.i386.rpm     MD5: 56a1a9833cb8be0092f8289f26888774
samba-common-3.0.10-2.el4_5.3.x86_64.rpm     MD5: 5d0199716c86f5c1dc588619709d6a44
samba-swat-3.0.10-2.el4_5.3.x86_64.rpm     MD5: 90e057752e2d793f5d50c3bdc1ff64ee
 
Red Hat Enterprise Linux ES (v. 4.5.z)

SRPMS:
samba-3.0.10-2.el4_5.3.src.rpm     MD5: a539bdbe75998ce5daffb22a635d4148
 
IA-32:
samba-3.0.10-2.el4_5.3.i386.rpm     MD5: ee3a72740f5921595fc02479c9271a78
samba-client-3.0.10-2.el4_5.3.i386.rpm     MD5: e7b3ba34f7afe59ff67c1d9808b40ee9
samba-common-3.0.10-2.el4_5.3.i386.rpm     MD5: 56a1a9833cb8be0092f8289f26888774
samba-swat-3.0.10-2.el4_5.3.i386.rpm     MD5: 2408f37ee68ba976ee310ee33d6aea19
 
IA-64:
samba-3.0.10-2.el4_5.3.ia64.rpm     MD5: c2906766903ecb0f8c81f9e3e0891c18
samba-client-3.0.10-2.el4_5.3.ia64.rpm     MD5: 4ad18e27b337122d755fc14e84691ad8
samba-common-3.0.10-2.el4_5.3.i386.rpm     MD5: 56a1a9833cb8be0092f8289f26888774
samba-common-3.0.10-2.el4_5.3.ia64.rpm     MD5: 85bdd73b97f3fe42a81a3ee40616b380
samba-swat-3.0.10-2.el4_5.3.ia64.rpm     MD5: 99d0622b4f354cce114e585245dbdab4
 
x86_64:
samba-3.0.10-2.el4_5.3.x86_64.rpm     MD5: 4b72fa66884ea459f1340164e8572d0d
samba-client-3.0.10-2.el4_5.3.x86_64.rpm     MD5: 4b3e477fb78750fb7b9c6aa624a4631b
samba-common-3.0.10-2.el4_5.3.i386.rpm     MD5: 56a1a9833cb8be0092f8289f26888774
samba-common-3.0.10-2.el4_5.3.x86_64.rpm     MD5: 5d0199716c86f5c1dc588619709d6a44
samba-swat-3.0.10-2.el4_5.3.x86_64.rpm     MD5: 90e057752e2d793f5d50c3bdc1ff64ee
 
(The unlinked packages above are only available from the Red Hat Network)
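
To confirm that a host is running the fixed build, the installed Samba packages can be compared against the version and release in the package names listed above. The following Python is an added example, not part of the Red Hat advisory. It assumes an inventory in the form printed by rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE} %{ARCH}\n', equal package epochs, and no '~' or '^' version modifiers; the sample inventory is constructed.

```python
import re

# Fixed build, taken from the package file names listed in this advisory.
FIXED_VERSION, FIXED_RELEASE = "3.0.10", "2.el4_5.3"
SAMBA_PACKAGES = {"samba", "samba-client", "samba-common", "samba-swat"}
_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")

def rpmvercmp(a, b):
    """RPM-style compare of version/release strings: -1, 0 or 1 (no '~' or '^')."""
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            # A numeric segment always sorts newer than an alphabetic one.
            return 1 if x.isdigit() else -1
        if x.isdigit():
            x, y = int(x), int(y)  # numeric compare, so 9 < 10
        if x != y:
            return 1 if x > y else -1
    # Shared segments are equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def audit(inventory_text):
    """Return the Samba packages in the inventory older than the fixed build."""
    stale = []
    for line in inventory_text.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[0] not in SAMBA_PACKAGES:
            continue
        name, version, release, arch = fields
        # Assumption: epochs are equal, so version then release decides.
        order = rpmvercmp(version, FIXED_VERSION) or rpmvercmp(release, FIXED_RELEASE)
        if order < 0:
            stale.append((name, version, release, arch))
    return stale

# Constructed sample inventory (not from a real host).
SAMPLE = """\
samba-common 3.0.10 2.el4_5.3 i386
samba-client 3.0.10 2.el4_5.2 i386
samba 3.0.9 7.el4 x86_64
bash 3.0 19.3 i386
"""

if __name__ == "__main__":
    for pkg in audit(SAMPLE):
        print("needs update:", "-".join(pkg[:3]) + "." + pkg[3])
```

Every Samba subpackage on a host should be checked, not only samba itself, since the flaw is in client code that the server can also reach.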

Bugs fixed (see bugzilla for more information)

446724 - CVE-2008-1105 Samba client buffer overflow



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/