Welcome to our website
To take full advantage of all features you need to login or register. Registration is completely free and takes only a few seconds.
samba DoS (SSA:2004-257-01)
Posted by Philipp Esselbach on: 09/14/2004 04:43 AM [ Print | 0 comment(s) ]
New samba packages are available for Slackware 10.0 and -current.
These fix two denial of service vulnerabilities reported by
iDEFENSE. Slackware -current has been upgraded to samba-3.0.7, while the samba-3.0.5 included with Slackware 10.0 has been patched to fix these issues. Sites running Samba 3.x should upgrade to the new package. Versions of Samba before 3.0.x are not affected by these flaws.
These fix two denial of service vulnerabilities reported by
iDEFENSE. Slackware -current has been upgraded to samba-3.0.7, while the samba-3.0.5 included with Slackware 10.0 has been patched to fix these issues. Sites running Samba 3.x should upgrade to the new package. Versions of Samba before 3.0.x are not affected by these flaws.
More details about these issues may be found in the Common
Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0807
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0808
Here are the details from the Slackware 10.0 ChangeLog:
+--------------------------+
Mon Sep 13 17:07:20 PDT 2004
patches/packages/samba-3.0.5-i486-3.tgz: Patched two Denial of Service
vulnerabilities in samba-3.0.5.
For more details, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0807
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0808
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
Updated package for Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/samba-3.0.5-i486-3.tgz
Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/samba-3.0.7-i486-1.tgz
MD5 signatures:
+-------------+
Slackware 10.0 package:
a8bf821c6b6febd69dd0d1958c3b7796 samba-3.0.5-i486-3.tgz
Slackware -current package:
acdaf5bc8b3777245d0ed51bcc4acec4 samba-3.0.7-i486-1.tgz
Installation instructions:
+------------------------+
As root, stop the samba server:
. /etc/rc.d/rc.samba stop
Next, upgrade the samba package(s) with upgradepkg:
upgradepkg samba-3.0.5-i486-3.tgz
Finally, start samba again:
. /etc/rc.d/rc.samba start
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0807
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0808
Here are the details from the Slackware 10.0 ChangeLog:
+--------------------------+
Mon Sep 13 17:07:20 PDT 2004
patches/packages/samba-3.0.5-i486-3.tgz: Patched two Denial of Service
vulnerabilities in samba-3.0.5.
For more details, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0807
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0808
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
Updated package for Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/samba-3.0.5-i486-3.tgz
Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/samba-3.0.7-i486-1.tgz
MD5 signatures:
+-------------+
Slackware 10.0 package:
a8bf821c6b6febd69dd0d1958c3b7796 samba-3.0.5-i486-3.tgz
Slackware -current package:
acdaf5bc8b3777245d0ed51bcc4acec4 samba-3.0.7-i486-1.tgz
Installation instructions:
+------------------------+
As root, stop the samba server:
. /etc/rc.d/rc.samba stop
Next, upgrade the samba package(s) with upgradepkg:
upgradepkg samba-3.0.5-i486-3.tgz
Finally, start samba again:
. /etc/rc.d/rc.samba start
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
Related Threads
01/18/2005 05:38 AM: Cant log on XP with Samba Domain Controller (6) by Blaktyger