diff options
Diffstat (limited to 'share/security/advisories/FreeBSD-SN-03:01.asc')
-rw-r--r-- | share/security/advisories/FreeBSD-SN-03:01.asc | 111 |
1 files changed, 0 insertions, 111 deletions
diff --git a/share/security/advisories/FreeBSD-SN-03:01.asc b/share/security/advisories/FreeBSD-SN-03:01.asc deleted file mode 100644 index d00e375cc1..0000000000 --- a/share/security/advisories/FreeBSD-SN-03:01.asc +++ /dev/null @@ -1,111 +0,0 @@ ------BEGIN PGP SIGNED MESSAGE----- -Hash: SHA1 - -============================================================================= -FreeBSD-SN-03:01 Security Notice - The FreeBSD Project - -Topic: security issue in samba ports -Announced: 2003-04-07 - -I. Introduction - -Several ports in the FreeBSD Ports Collection are affected by security -issues. These are listed below with references and affected versions. -All versions given refer to the FreeBSD port/package version numbers. -The listed vulnerabilities are not specific to FreeBSD unless -otherwise noted. - -These ports are not installed by default, nor are they ``part of -FreeBSD'' as such. The FreeBSD Ports Collection contains thousands of -third-party applications in a ready-to-install format. FreeBSD makes -no claim about the security of these third-party applications. See -<URL:http://www.freebsd.org/ports/> for more information about the -FreeBSD Ports Collection. - -II. Ports - -+------------------------------------------------------------------------+ -Port name: net/samba -Affected: versions < samba-2.2.8_2, samba-2.2.8a -Status: Fixed - -Two vulnerabilities recently: - -(1) Sebastian Krahmer of the SuSE Security Team identified -vulnerabilities that could lead to arbitrary code execution as root, -as well as a race condition that could allow overwriting of system -files. (This vulnerability was previously fixed in Samba 2.2.8.) - -(2) Digital Defense, Inc. reports: ``This vulnerability, if exploited -correctly, leads to an anonymous user gaining root access on a Samba -serving system. All versions of Samba up to and including Samba 2.2.8 -are vulnerable. Alpha versions of Samba 3.0 and above are *NOT* -vulnerable.'' - -<URL: http://us1.samba.org/samba/whatsnew/samba-2.2.8.html > -<URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0085 > -<URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0086 > -<URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0196 > -<URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0201 > -+------------------------------------------------------------------------+ -Port name: net/samba-tng -Affected: all versions -Status: Not fixed - -Some or all of the vulnerabilities affecting Samba may also affect -Samba-TNG. No confirmation or official patches are available at the -time of this security notice. -+------------------------------------------------------------------------+ - -III. Upgrading Ports/Packages - -To upgrade a fixed port/package, perform one of the following: - -1) Upgrade your Ports Collection and rebuild and reinstall the port. -Several tools are available in the Ports Collection to make this -easier. See: - /usr/ports/devel/portcheckout - /usr/ports/misc/porteasy - /usr/ports/sysutils/portupgrade - -2) Deinstall the old package and install a new package obtained from - -[FreeBSD 4.x, i386] -ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/All/ - -[FreeBSD 5.x, i386] -ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/All/ - -Packages are not automatically generated for other architectures at -this time. - -Note that new, official packages may not be available on all mirrors -immediately. In the interim, Security Officer-generated packages (and -detached digital signatures) are available for the i386 architecture -at: - -[FreeBSD 4.x, i386] -ftp://ftp2.FreeBSD.org/pub/FreeBSD/security-officer/ports/i386/packages-4-stable/samba-2.2.8_2.tgz -ftp://ftp2.FreeBSD.org/pub/FreeBSD/security-officer/ports/i386/packages-4-stable/samba-2.2.8_2.tgz.asc - -[FreeBSD 5.x] -ftp://ftp2.FreeBSD.org/pub/FreeBSD/security-officer/ports/i386/packages-5-current/samba-2.2.8_2.tbz -ftp://ftp2.FreeBSD.org/pub/FreeBSD/security-officer/ports/i386/packages-5-current/samba-2.2.8_2.tbz.asc - - -+------------------------------------------------------------------------+ -FreeBSD Security Notices are communications from the Security Officer -intended to inform the user community about potential security issues, -such as bugs in the third-party applications found in the Ports -Collection, which will not be addressed in a FreeBSD Security -Advisory. - -Feedback on Security Notices is welcome at <security-team@FreeBSD.org>. ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1.2.1 (FreeBSD) - -iD8DBQE+kX+vFdaIBMps37IRAtkmAJ4ruhx4WQLeSPSPgfmzrVW4uYvVJACfRxem -4q3eO8IxTujzRR2QwH4eyK4= -=/4KW ------END PGP SIGNATURE----- |