[Sun] UPDATE: Vulnerabilities in Samba up to version 3.0.29 - 249087

Dear colleagues,

we have just received the following Sun Security Advisory. We are
forwarding this information to you unchanged.

Please note that this is an update of the advisory, concerning the
following changes:

With this update, Sun announces the availability of patches.

CVE-2008-4314 - Vulnerabilities in Samba up to version 3.2.4

In Samba up to and including version 3.2.4, offsets are not checked
correctly when processing "trans", "trans2" and "nttrans" requests.
A remote attacker can use suitably manipulated requests to make a
Samba server continue processing the requests with data from a
different memory region. This can at least crash the Samba server.
It is unclear whether the attacker can, for example, obtain
potentially sensitive information this way.

The following software packages and platforms are affected:

Samba

SPARC platform
* Solaris 9 without patch 114684-13
* Solaris 10 without patch 119757-14
* OpenSolaris based on builds before snv_106

x86 platform
* Solaris 9 without patch 114685-13
* Solaris 10 without patch 119758-14
* OpenSolaris based on builds before snv_106

The vendor provides revised packages.

Vendor advisory:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-249087-1

(c) for the German summary held by DFN-CERT Services GmbH;
distribution, including in excerpts, is permitted only with
attribution to the originator, DFN-CERT Services GmbH, and only for
non-commercial purposes.

Kind regards,
Torsten Voss

--

Dipl.-Ing.(FH) Torsten Voss (Incident Response Team)

DFN-CERT Services GmbH, https://www.dfn-cert.de, Phone +49 40 808077-555
Registered office / Register: Hamburg, AG Hamburg, HRB 88805, VAT ID: DE 232129737
Sachsenstrasse 5, 20097 Hamburg/Germany, CEO: Dr. Klaus-Peter Kossakowski

16. DFN-Workshop Sicherheit in vernetzten Systemen
https://www.dfn-cert.de/ws2009/

Solution Type Sun Alert
Solution 249087 : Security Vulnerability in samba(7) Specially
Crafted Packet May Expose Arbitrary Buffer of Data
Related Categories

* Home>Content>Sun Alert Criteria Categories>Security
* Home>Content>Sun Alert Release Phase>Resolved

Bug ID
6773861

Product
Solaris 9 Operating System
Solaris 10 Operating System
SAMBA

Date of Workaround Release
08-Jan-2009

Date of Resolved Release
02-Feb-2009

SA Document Body
Security Vulnerability in samba(7) Specially Crafted Packet May Expose
Arbitrary Buffer of Data

1. Impact
An information disclosure security vulnerability in Samba (SAMBA(7))
may allow a remote unprivileged user to read arbitrary memory buffer
contents and cause a Denial of Service (DoS) via crafted requests.
Additional information on this issue can be found in the following
document:
CVE-2008-4314
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4314

2. Contributing Factors
SPARC Platform
* Solaris 9 with patch 114684-12 and without patch 114684-13
* Solaris 10 with patch 119757-13 and without patch 119757-14
* OpenSolaris based upon builds snv_92 through snv_105

x86 Platform
* Solaris 9 with patch 114685-12 and without patch 114685-13
* Solaris 10 with patch 119758-13 and without patch 119758-14
* OpenSolaris based upon builds snv_92 through snv_105

with the following versions of Samba software:
* Samba 3.0.0 through 3.0.29

Notes:
1. Solaris 8 does not include the Samba software and is therefore not
affected by this issue.
To determine the version of Samba installed on a system, the following
command can be run:
% /usr/sfw/sbin/smbd -V
Version 3.0.4

To determine if a system is configured as a Samba server, the following
command can be run to check for processes related to Samba:
% ps -ef | grep mbd
root 317 1 0 May 26 ? 0:01 /usr/sfw/sbin/smbd -D
root 325 317 0 May 26 ? 0:00 /usr/sfw/sbin/smbd -D
root 314 1 0 May 26 ? 0:27 /usr/sfw/sbin/nmbd -D
root 28369 17382 0 23:17:46 pts/2 0:00 grep mbd

If the output shows “smbd” or “nmbd” running as a daemon (with the -D
parameter), the system is configured as a Samba server.

3. Symptoms
There are no predictable symptoms that would indicate the described
vulnerability has been exploited to compromise the arbitrary memory
contents.

4. Workaround
To work around the described issue for the Samba server, the Samba
service may be stopped by using the following command:
On Solaris 9:
# /etc/init.d/samba stop

On Solaris 10 and later:
# svcadm disable samba

5. Resolution
This issue is addressed in the following releases:
SPARC Platform
* Solaris 9 with patch 114684-13 or later
* Solaris 10 with patch 119757-14 or later
* OpenSolaris based upon builds snv_106 or later

x86 Platform
* Solaris 9 with patch 114685-13 or later
* Solaris 10 with patch 119758-14 or later
* OpenSolaris based upon builds snv_106 or later
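
The checks from Contributing Factors and the patch levels from Resolution, combined into one audit helper. This is an added example, not part of the Sun Alert; the function names and verdict strings are hypothetical, the `showrev -p` line is a constructed sample, and a POSIX shell and awk are assumed (on Solaris, the /usr/xpg4/bin tools).

```shell
#!/bin/sh
# Added example, not from the Sun Alert. Sample inputs below are constructed.

# Succeeds if a `smbd -V` line names Samba 3.0.0 through 3.0.29; 2 = unparseable.
samba_version_affected() {
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^Version \([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p')
    [ -n "$ver" ] || return 2
    oldifs=$IFS; IFS=.; set -- $ver; IFS=$oldifs
    [ "$1" -eq 3 ] && [ "$2" -eq 0 ] && [ "$3" -le 29 ]
}

# Succeeds if `showrev -p` text on stdin lists patch $1 at revision >= $2.
patch_at_least() {
    awk -v id="$1" -v min="$2" '
        $1 == "Patch:" { split($2, p, "-")
                         if (p[1] == id && p[2] + 0 >= min + 0) ok = 1 }
        END { exit(ok ? 0 : 1) }'
}

# Succeeds if `ps -ef` text on stdin shows smbd or nmbd started with -D.
samba_daemon_running() {
    awk '{ for (i = 1; i < NF; i++)
               if ($i ~ /^(.*\/)?[sn]mbd$/ && $(i + 1) == "-D") found = 1 }
         END { exit(found ? 0 : 1) }'
}

# $1 smbd -V line, $2 ps -ef text, $3 showrev -p text, $4 patch id, $5 fixed rev
assess() {
    if printf '%s\n' "$3" | patch_at_least "$4" "$5"; then
        echo "patched"; return 0
    fi
    rc=0; samba_version_affected "$1" || rc=$?
    case $rc in
        1) echo "version-outside-range"; return 0 ;;
        2) echo "version-unknown"; return 0 ;;
    esac
    if printf '%s\n' "$2" | samba_daemon_running; then echo "exposed"
    else echo "affected-but-not-serving"; fi
}

# Constructed sample: Solaris 10 SPARC host still on patch revision -13.
SAMPLE_PS='root 317 1 0 May 26 ? 0:01 /usr/sfw/sbin/smbd -D
root 28369 17382 0 23:17:46 pts/2 0:00 grep mbd'
SAMPLE_REV='Patch: 119757-13 Obsoletes: Requires: Incompatibles: Packages: (placeholder)'
assess "Version 3.0.4" "$SAMPLE_PS" "$SAMPLE_REV" 119757 14
```

On a live host the three text arguments would come from `/usr/sfw/sbin/smbd -V`, `ps -ef` and `showrev -p`; an unparseable version string is reported as unknown rather than treated as safe.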

For more information on Security Sun Alerts, see Technical Instruction
ID 213557.
This Sun Alert notification is being provided to you on an “AS IS”
basis. This Sun Alert notification may contain information provided by
third parties. The issues described in this Sun Alert notification may
or may not impact your system(s). Sun makes no representations,
warranties, or guarantees as to the information contained herein. ANY
AND ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION
WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR
NON-INFRINGEMENT, ARE HEREBY DISCLAIMED. BY ACCESSING THIS DOCUMENT YOU
ACKNOWLEDGE THAT SUN SHALL IN NO EVENT BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES THAT ARISE OUT
OF YOUR USE OR FAILURE TO USE THE INFORMATION CONTAINED HEREIN. This
Sun Alert notification contains Sun proprietary and confidential
information. It is being provided to you pursuant to the provisions of
your agreement to purchase services from Sun, or, if you do not have
such an agreement, the Sun.com Terms of Use. This Sun Alert
notification may only be used for the purposes contemplated by these
agreements.
Copyright 2000-2009 Sun Microsystems, Inc., 4150 Network Circle, Santa
Clara, CA 95054 U.S.A. All rights reserved.

Modification History
30-Jan-2009: Updated Contributing Factors and Resolution sections for Solaris 9
02-Feb-2009: Updated Contributing Factors and Resolution sections for Solaris 10; now Resolved

Attachments
This solution has no attachment
