PDA

Bekijk Volledige Versie : Samba-TNG 0.3.1 Security Release (fwd)



Erik Parker
24/03/03, 20:50
---------- Forwarded message ----------
Date: Sat, 22 Mar 2003 21:03:11 +0100 (CET)
From: Stephan Lauffer <lauffer@ph-freiburg.de>
To: tng-announcements@lists.dcerpc.org
Subject: [ANNOUNCE] Samba-TNG 0.3.1 Security Release

Samba-TNG-0.3.1 released
==========================
Mar 22th 2003

Today the Samba-TNG team announces a new version of Samba-TNG
with two serious security fixes. We STRONGLY recommend updating
to this release.

Changes to 0.3:
------------------

Samba-TNG-0.3.1 is a security and bugfixed version of 0.3
only.
o Security fix of a hole found in Samba by S. Kramer
of SuSE.
o Security fix of a hole discovered by Elrond in the
security context management of Samba-TNG.
o Fix some minor bugs in the rpcclient.

Security problem description:
-------------------------------

In probably all versions of Samba-TNG prior to 0.3.1 there
were two remote root escalations discovered.

The first hole was discovered in the Samba package by
Sebastian Kramer from SuSE.
Cross references:
MITRE CVE entry CAN-2003-0085
http://us1.samba.org/samba/whatsnew/samba-2.2.8.html
Exploit code for Samba is known to be circulating; it is probably
only a matter of time until exploits are adapted for Samba-TNG.
Peter Samuelson ported the fix from Samba to this release of
Samba-TNG.

The second hole is a bug in the security context management code,
discovered by Elrond from Samba-TNG. We believe that this bug does
not affect the classic Samba, since their implementation of this
functionality is quite different.

If you can get any (including anonymous) connection to TNG,
you can become root on the target. Tcpwrappers (a compile option
in TNG), the smb.conf parameters "allow host" / "deny host", or
firewalls may of course reduce your exposure.

This vulnerability was discovered and fixed internally; we do not
believe there are any public exploits at this time.

We don't know of any workarounds for either of the two problems.

Downloading Samba-TNG-0.3.1:
------------------------------

The list of available binary packages will be found at the
donwload page: http://www.samba-tng.org/download.html

Source via CVS see:
cvs -d :pserver:anoncvs@anoncvs.dcerpc.org:/home/cvsroot login
When it prompts for a password, use anoncvs
cvs -z3 -d :pserver:anoncvs@anoncvs.dcerpc.org:/home/cvsroot co -r release-0-3-1 tng

Source tarball:
http://www.samba-tng.org/download/tng/samba-tng-0.3.1.tar.gz (3082595 bytes)
MD5SUM: 35627e8cfa3453e83586a70a4e175ca4

Patch file to update from 0.3:
http://www.samba-tng.org/download/tng/samba-tng-0.3-0.3.1.diff.gz (11399 bytes)
MD5SUM: ae55c7ee0ae4f86bb56f0ae5ae8e16a1

With regards,
Stephan