Re: samba security -- more info?

To: rulnick@ece.wpi.edu
Cc: havenerk@thunder.safb.af.mil, joost@rulcmc.leidenuniv.nl, debian-user@lists.debian.org
Subject: Re: samba security -- more info?
From: joost@rulcmc.leidenuniv.nl (joost witteveen)
Date: Tue, 30 Sep 1997 17:53:27 +0200 (CEST)
Message-id: <[🔎] m0xG4c3-000CLKC@rulcmc.leidenuniv.nl>
In-reply-to: <[🔎] m0xG4Wg-0005itC@beaver.wpi.edu> from "John M. Rulnick" at "Sep 30, 97 11:47:54 am"

> Thank you.  Actually, I'm wondering if you could point me to the
> *source* fixes for samba (assuming it is not just a Debian security
> problem), since the information is to be passed on to a non-Debian
> sysadmin.

Well, I didn't look that far into it. Yes, you are right, it
isn't a Debian problem, and it was fixed by the samba team.

All I can do is send you the announcement made by (I presume) the
Samba team to bugtraq. It will give you the location of
the sourcefile where they say they fixed the problem. 
Maybe on the ftp site they mention they also still have the
newest version without the bugfix, and then you'll be able to
diff the two samba sourcefiles. 
Sorry, but I cannot do anything more.

> From owner-bugtraq@NETSPACE.ORG Fri Sep 26 20:05:42 1997
> Return-Path: <owner-bugtraq@NETSPACE.ORG>
> Received: from hearnnt.nic.surfnet.nl ([192.87.5.133]) by rulcmc.leidenuniv.nl
>   with esmtp id <m0xEelq-000CL1C@rulcmc.leidenuniv.nl>
> 	  (Debian Smail-3.2 1996-Jul-4 #2); Fri, 26 Sep 1997 20:05:42 +0200 (CEST)
> Received: from hearnnt (192.87.5.133) by hearnnt.nic.surfnet.nl (LSMTP for Windows N
> T v1.1a) with SMTP id <0.F992B010@hearnnt.nic.surfnet.nl>; Fri, 26 Sep 1997 20:01:27
>  +0200
> Received: from NETSPACE.ORG by NETSPACE.ORG (LISTSERV-TCP/IP release 1.8c) with
> 	    spool id 4901339 for BUGTRAQ@NETSPACE.ORG; Fri, 26 Sep 1997 11:39:22
> 	    -0400
> Received: from brimstone.netspace.org (brimstone [128.148.157.143]) by
> 	    netspace.org (8.8.7/8.8.2) with ESMTP id LAA12708 for
> 	    <BUGTRAQ@NETSPACE.ORG>; Fri, 26 Sep 1997 11:28:21 -0400
> Received: from unknown@netspace.org (port 56069 [128.148.157.6]) by
> 	    brimstone.netspace.org with ESMTP id <16328-25824>; Fri, 26 Sep 1997
> 	    11:28:13 -0400
> Approved-By: aleph1@UNDERGROUND.ORG
> Received: from samba.anu.edu.au (samba.anu.edu.au [150.203.164.44]) by
> 	    netspace.org (8.8.7/8.8.2) with ESMTP id KAA03099 for
> 	    <bugtraq@NETSPACE.ORG>; Fri, 26 Sep 1997 10:08:02 -0400
> Received: from tridge@localhost by samba.anu.edu.au id <12593854-13111>; Sat,
> 	    27 Sep 1997 00:07:22 +1000
> Message-ID:  <19970926140722Z12593854-13111+3@samba.anu.edu.au>
> Date:         Sat, 27 Sep 1997 00:07:19 +1000
> Reply-To:     Andrew.Tridgell@anu.edu.au
> Sender:       Bugtraq List <BUGTRAQ@NETSPACE.ORG>
> From:         Andrew Tridgell <tridge@SAMBA.ANU.EDU.AU>
> Subject:      Security bugfix for Samba
> To:           BUGTRAQ@NETSPACE.ORG
> Status: RO
> 
> 		  Security bugfix for Samba
> 		  -------------------------
> 
> A security hole in all versions of Samba has been recently
> discovered. The security hole allows unauthorized remote users to
> obtain root access on the Samba server.
> 
> An exploit for this security hole has been posted to the internet so
> system administrators should assume that this hole is being actively
> exploited.
> 
> The exploit for the security hole is very architecture specific and
> has been only demonstrated to work for Samba servers running on Intel
> based platforms. The exploit posted to the internet is specific to
> Intel Linux servers. It would be very difficult to produce an exploit
> for other architectures but it may be possible.
> 
> A new release of Samba has now been made that fixes the security
> hole. The new release is version 1.9.17p2 and is available from
> ftp://samba.anu.edu.au/pub/samba/samba-1.9.17p2.tar.gz
> 
> This release also adds a routine which logs a message if anyone
> attempts to take advantage of the security hole. The message (in the
> Samba log files) will look like this:
> 
> 	  ERROR: Invalid password length 999
> 	  you're machine may be under attack by a user exploiting an old bug
> 	  Attack was from IP=aaa.bbb.ccc.ddd
> 
> where aaa.bbb.ccc.ddd is the IP address of the machine performing the attack.
> 
> 	  The Samba Team
> 	  samba-bugs@samba.anu.edu.au
> 

-- 
joost witteveen, joostje@debian.org
#!/usr/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)
#what's this? see http://www.dcs.ex.ac.uk/~aba/rsa/


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .

Reply to:

References:
- Re: samba security -- more info?
  - From: "John M. Rulnick" <rulnick@beaver.wpi.edu>

Prev by Date: Re: samba security -- more info?
Next by Date: Re: samba security -- more info?
Previous by thread: Re: samba security -- more info?
Next by thread: Re: samba security -- more info?
Index(es):
- Date
- Thread