<<< Date Index >>>     <<< Thread Index >>>

[UPDATED] OpenServer 5.0.5 OpenServer 5.0.6 OpenServer 5.0.7 : Samba security update available avaliable for download.



To: full-disclosure@xxxxxxxxxxxxxxxx bugtraq@xxxxxxxxxxxxxxxxx 
announce@xxxxxxxxxxxxxxxxx

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________

                        SCO Security Advisory

Subject:                OpenServer 5.0.5 OpenServer 5.0.6 OpenServer 5.0.7 : 
Samba security update available avaliable for download.
Advisory number:        CSSA-2003-SCO.13.1
Issue date:             2003 September 10
Cross reference:        erg875829 fz527531 sr876763
______________________________________________________________________________


1. Problem Description

         This vulnerability, if exploited correctly, leads to an
         anonymous user gaining root access on a Samba serving
         system. All versions of Samba up to and including Samba
         2.2.8 are vulnerable. An active exploit of the bug has
         been reported in the wild. The Common Vulnerabilities and
         Exposures (CVE) project has assigned: CAN-2003-0201:Buffer
         overflow in the call_trans2open function in trans2.c for
         Samba 2.2.x before 2.2.8a, 2.0.10 and earlier 2.0.x versions,
         and Samba-TNG before 0.3.2, allows remote attackers to
         execute arbitrary code. and CAN-2003-0085: Buffer overflow
         in the SMB/CIFS packet fragment re-assembly code for SMB
         daemon (smbd) in Samba before 2.2.8, and Samba-TNG before
         0.3.1, allows remote attackers to execute arbitrary code.


2. Vulnerable Supported Versions

        System                          Binaries
        ----------------------------------------------------------------------
        OpenServer 5.0.5                Distribution
        OpenServer 5.0.6                Distribution
        OpenServer 5.0.7                Distribution

3. Solution

        The proper solution is to install the latest packages.


4. OpenServer 5.0.6 OpenServer 5.0.5 

        4.1 First install:

                oss646b - Execution Environment Supplement
                gwxlibs version 1.2.1Ba - gwxlibs supplement

        4.2 Location of Fixed Binaries

        ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.13

        4.3 Verification

        MD5 (VOL.000.000) = 175ce3f07683a3a29ce248d1393813ec

        md5 is available for download from
                ftp://ftp.sco.com/pub/security/tools


        4.4 Installing Fixed Binaries

        Upgrade the affected binaries with the following sequence:

        1) Download the VOL* files to the /tmp directory

        2) Run the custom command, specify an install from media
        images, and specify the /tmp directory as the location of
        the images.

5. OpenServer 5.0.7

        5.1 Location of Fixed Binaries

        ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.13

        5.2 Verification

        MD5 (VOL.000.000) = 175ce3f07683a3a29ce248d1393813ec

        md5 is available for download from
                ftp://ftp.sco.com/pub/security/tools


        5.3 Installing Fixed Binaries

        Upgrade the affected binaries with the following sequence:

        1) Download the VOL* files to the /tmp directory

        2) Run the custom command, specify an install from media
        images, and specify the /tmp directory as the location of
        the images.

6. References

        Specific references for this advisory:
                http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0201 
                http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0085

        SCO security resources:
                http://www.sco.com/support/security/index.html

        This security fix closes SCO incidents erg875829, fz527531,
        sr876763.


6. Disclaimer

        SCO is not responsible for the misuse of any of the information
        we provide on this website and/or through our security
        advisories. Our advisories are a service to our customers
        intended to promote secure installation and use of SCO
        products.


7. Acknowledgements

        Thanks to Sebastian Krahmer, SuSE Security Team, and Digital
        Defense, Inc. who alerted the Samba Team to this vulnerability.

______________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux)

iD8DBQE/X5PHaqoBO7ipriERAmMGAKCOVraWAsdKm2UrfEo4ZAMOS3JDQACcDyKt
Lsdzs0IiK/WnAbKStbaI6NI=
=LPor
-----END PGP SIGNATURE-----