diff options
Diffstat (limited to 'share/security/advisories/FreeBSD-SN-03:01.asc')
-rw-r--r-- | share/security/advisories/FreeBSD-SN-03:01.asc | 111 |
1 files changed, 111 insertions, 0 deletions
diff --git a/share/security/advisories/FreeBSD-SN-03:01.asc b/share/security/advisories/FreeBSD-SN-03:01.asc new file mode 100644 index 0000000000..d00e375cc1 --- /dev/null +++ b/share/security/advisories/FreeBSD-SN-03:01.asc @@ -0,0 +1,111 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SN-03:01 Security Notice + The FreeBSD Project + +Topic: security issue in samba ports +Announced: 2003-04-07 + +I. Introduction + +Several ports in the FreeBSD Ports Collection are affected by security +issues. These are listed below with references and affected versions. +All versions given refer to the FreeBSD port/package version numbers. +The listed vulnerabilities are not specific to FreeBSD unless +otherwise noted. + +These ports are not installed by default, nor are they ``part of +FreeBSD'' as such. The FreeBSD Ports Collection contains thousands of +third-party applications in a ready-to-install format. FreeBSD makes +no claim about the security of these third-party applications. See +<URL:http://www.freebsd.org/ports/> for more information about the +FreeBSD Ports Collection. + +II. Ports + ++------------------------------------------------------------------------+ +Port name: net/samba +Affected: versions < samba-2.2.8_2, samba-2.2.8a +Status: Fixed + +Two vulnerabilities recently: + +(1) Sebastian Krahmer of the SuSE Security Team identified +vulnerabilities that could lead to arbitrary code execution as root, +as well as a race condition that could allow overwriting of system +files. (This vulnerability was previously fixed in Samba 2.2.8.) + +(2) Digital Defense, Inc. reports: ``This vulnerability, if exploited +correctly, leads to an anonymous user gaining root access on a Samba +serving system. All versions of Samba up to and including Samba 2.2.8 +are vulnerable. Alpha versions of Samba 3.0 and above are *NOT* +vulnerable.'' + +<URL: http://us1.samba.org/samba/whatsnew/samba-2.2.8.html > +<URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0085 > +<URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0086 > +<URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0196 > +<URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0201 > ++------------------------------------------------------------------------+ +Port name: net/samba-tng +Affected: all versions +Status: Not fixed + +Some or all of the vulnerabilities affecting Samba may also affect +Samba-TNG. No confirmation or official patches are available at the +time of this security notice. ++------------------------------------------------------------------------+ + +III. Upgrading Ports/Packages + +To upgrade a fixed port/package, perform one of the following: + +1) Upgrade your Ports Collection and rebuild and reinstall the port. +Several tools are available in the Ports Collection to make this +easier. See: + /usr/ports/devel/portcheckout + /usr/ports/misc/porteasy + /usr/ports/sysutils/portupgrade + +2) Deinstall the old package and install a new package obtained from + +[FreeBSD 4.x, i386] +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/All/ + +[FreeBSD 5.x, i386] +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/All/ + +Packages are not automatically generated for other architectures at +this time. + +Note that new, official packages may not be available on all mirrors +immediately. In the interim, Security Officer-generated packages (and +detached digital signatures) are available for the i386 architecture +at: + +[FreeBSD 4.x, i386] +ftp://ftp2.FreeBSD.org/pub/FreeBSD/security-officer/ports/i386/packages-4-stable/samba-2.2.8_2.tgz +ftp://ftp2.FreeBSD.org/pub/FreeBSD/security-officer/ports/i386/packages-4-stable/samba-2.2.8_2.tgz.asc + +[FreeBSD 5.x] +ftp://ftp2.FreeBSD.org/pub/FreeBSD/security-officer/ports/i386/packages-5-current/samba-2.2.8_2.tbz +ftp://ftp2.FreeBSD.org/pub/FreeBSD/security-officer/ports/i386/packages-5-current/samba-2.2.8_2.tbz.asc + + ++------------------------------------------------------------------------+ +FreeBSD Security Notices are communications from the Security Officer +intended to inform the user community about potential security issues, +such as bugs in the third-party applications found in the Ports +Collection, which will not be addressed in a FreeBSD Security +Advisory. + +Feedback on Security Notices is welcome at <security-team@FreeBSD.org>. +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.2.1 (FreeBSD) + +iD8DBQE+kX+vFdaIBMps37IRAtkmAJ4ruhx4WQLeSPSPgfmzrVW4uYvVJACfRxem +4q3eO8IxTujzRR2QwH4eyK4= +=/4KW +-----END PGP SIGNATURE----- |