[Fedora] Vulnerability in Samba before version 3.2.7 - FEDORA-2009-0268

Dear colleagues,

we have just received the following Fedora Security Advisory. We are
forwarding this information to you unchanged.

CVE-2009-0022 - Vulnerability in the evaluation of share names in Samba

If the option 'registry shares = yes' is set in the Samba configuration,
a user who is logged in to the server can gain access to the root
directory by passing a space character as the share name.

The following software packages and platforms are affected:

Package samba

Fedora 9
Fedora 10

The vendor provides updated packages.

Vendor advisory:
https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00189.html
https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00309.html

(c) of the German summary held by DFN-CERT Services GmbH; distribution,
including in excerpts, is permitted only with attribution to the
originator, DFN-CERT Services GmbH, and only for non-commercial
purposes.

Kind regards,
GRP: DFN-CERT Incident Response Team, DFN-CERT Services GmbH
Web: https://www.dfn-cert.de/, Phone: +49-40-808077-555

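--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2009-0268
2009-01-07 19:08:02
--------------------------------------------------------------------------------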

Name : samba
Product : Fedora 9
Version : 3.2.7
Release : 0.23.fc9
URL : http://www.samba.org/
Summary : The Samba Suite of programs
Description :

Samba is the suite of programs by which a lot of PC-related machines
share files, printers, and other information (such as lists of
available files and printers). The Windows NT, OS/2, and Linux
operating systems support this natively, and add-on packages can
enable the same thing for DOS, Windows, VMS, UNIX of all kinds, MVS,
and more. This package provides an SMB/CIFS server that can be used to
provide network services to SMB/CIFS clients.
Samba uses NetBIOS over TCP/IP (NetBT) protocols and does NOT
need the NetBEUI (Microsoft Raw NetBIOS frame) protocol.

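--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2009-0022
--------------------------------------------------------------------------------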
ChangeLog:

* Mon Jan 5 2009 Guenther Deschner - 3.2.7-0.23
- Update to 3.2.7 (Security fix for CVE-2009-0022)
* Thu Nov 27 2008 Guenther Deschner - 3.2.5-0.22
- Update to 3.2.5 (Security fix for CVE-2008-4314)
* Thu Sep 18 2008 Guenther Deschner - 3.2.4-0.21
- Update to 3.2.4
- resolves: #456889
- move cifs.upcall to /usr/sbin
* Wed Aug 27 2008 Guenther Deschner - 3.2.3-0.20
- Security fix for CVE-2008-3789
* Wed Aug 20 2008 Guenther Deschner - 3.2.2-0.19
- Update to 3.2.2
- resolves: #456889
* Wed Aug 6 2008 Simo Sorce - 3.2.1-0.18
- Update to 3.2.1
* Tue Jul 1 2008 Guenther Deschner - 3.2.0-2.17
- Update to 3.2.0 final
- resolves: #452622
* Tue Jun 10 2008 Guenther Deschner - 3.2.0-1.rc2.16
- Update to 3.2.0rc2
- resolves: #449522
- resolves: #448107
* Fri May 30 2008 Guenther Deschner - 3.2.0-1.rc1.15
- Fix security=server
- resolves: #449038, #449039
* Wed May 28 2008 Guenther Deschner - 3.2.0-1.rc1.14
- Add fix for CVE-2008-1105
- resolves: #446724
* Fri May 23 2008 Guenther Deschner - 3.2.0-1.rc1.13
- Update to 3.2.0rc1
* Wed May 21 2008 Simo Sorce - 3.2.0-1.pre3.12
- make it possible to print against Vista and XP SP3 as servers
- resolves: #439154
* Thu May 15 2008 Guenther Deschner - 3.2.0-1.pre3.11
- Add "net ads join createcomputer=ou1/ou2/ou3" fix (BZO #5465)
* Fri May 9 2008 Guenther Deschner - 3.2.0-1.pre3.10
- Add smbclient fix (BZO #5452)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #479110 - CVE-2009-0022 samba: potential access to "/" in setups with registry shares enabled
https://bugzilla.redhat.com/show_bug.cgi?id=479110
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update samba' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------
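
A check for the two conditions this advisory names, a Samba version before 3.2.7 and registry shares enabled in smb.conf, added here as an example and not part of the DFN-CERT or Fedora text. The sample configuration and all function names are constructed for illustration; the parser reads only the [global] section and does not follow include directives.

```python
import re

FIXED = (3, 2, 7)                         # fixed Samba version named in this advisory
TRUE_VALUES = {"yes", "true", "on", "1"}  # boolean spellings smb.conf accepts

# Constructed sample configuration, not taken from the advisory.
SAMPLE_CONF = """\
; constructed sample
[global]
    workgroup = EXAMPLE
    Registry  Shares = Yes
[public]
    path = /srv/public
"""

def global_params(conf_text):
    """Return [global] parameters, names normalised as Samba compares them
    (case-insensitive, whitespace ignored)."""
    params, section = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":   # blank line or comment line
            continue
        if line.startswith("[") and line.endswith("]"):
            section = "".join(line[1:-1].split()).lower()
        elif "=" in line and section == "global":
            name, value = line.split("=", 1)
            params["".join(name.split()).lower()] = value.strip()
    return params

def registry_shares_enabled(conf_text):
    p = global_params(conf_text)
    explicit = p.get("registryshares", "").lower() in TRUE_VALUES
    # smb.conf(5): 'config backend = registry' also turns registry shares on.
    return explicit or p.get("configbackend", "").lower() == "registry"

def parse_version(text):
    """Extract (major, minor, patch) from e.g. 'Version 3.2.5-0.22.fc9'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError("no Samba version found in %r" % text)
    return tuple(int(x) for x in m.groups())

def exposed(conf_text, version_text):
    """True when both conditions from the advisory hold."""
    return parse_version(version_text) < FIXED and registry_shares_enabled(conf_text)

if __name__ == "__main__":
    print(exposed(SAMPLE_CONF, "Version 3.2.5-0.22.fc9"))
```

On a host, pass the contents of the Samba configuration file and the package version string (for example the output of `rpm -q samba`) to `exposed()`.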