COMMAND

    samba

SYSTEMS AFFECTED

    Samba prior to 2.0.5

PROBLEM

    Olaf Kirch found the following vulnerabilities in samba:

    1) a denial  of service attack  on nmbd (the  netbios name service
       daemon). The attack made nmbd spin using up CPU resources until
       it was killed.

    2) A buffer  overflow in the  message service in  smbd.  This  was
       exploitable if  the system  administrator had  set the "message
       command" option in smb.conf. This option is not set by default.

    3) A race condition in smbmnt which would allow a user to mount at
       arbitrary  points  in  the  filesystem.   This  could  only  be
       exploited if smbmnt is setuid, which it is not by default.

SOLUTION

    Samba 2.0.5 has just been released. This fixes a number of bugs,
    including the 3 security holes mentioned above. If you cannot
    upgrade to version 2.0.5, the following actions are recommended
    as temporary workarounds:

        1) remove the  "message command" option  from smb.conf if  you
           have set it.
        2) remove the setuid bit from smbmnt if it is set (use  "chmod
           u-s smbmnt")
        3) if  nmbd starts  using large  amounts of  CPU then kill and
           restart it.

    RedHat patches:

      Intel: ftp://updates.redhat.com/6.0/i386/
        samba-2.0.5a-1.i386.rpm
        samba-client-2.0.5a-1.i386.rpm

      Alpha: ftp://updates.redhat.com/6.0/alpha/
        samba-2.0.5a-1.alpha.rpm
        samba-client-2.0.5a-1.alpha.rpm

      Sparc: ftp://updates.redhat.com/6.0/sparc/
        samba-2.0.5a-1.sparc.rpm
        samba-client-2.0.5a-1.sparc.rpm

      Source: ftp://updates.redhat.com/6.0/
        samba-2.0.5a-1.src.rpm

      Intel: ftp://updates.redhat.com/5.2/i386/
        samba-2.0.5a-0.5.2.i386.rpm
        samba-client-2.0.5a-0.5.2.i386.rpm

      Alpha: ftp://updates.redhat.com/5.2/alpha/
        samba-2.0.5a-0.5.2.alpha.rpm
        samba-client-2.0.5a-0.5.2.alpha.rpm

      Sparc: ftp://updates.redhat.com/5.2/sparc/
        samba-2.0.5a-0.5.2.sparc.rpm
        samba-client-2.0.5a-0.5.2.sparc.rpm

      Source: ftp://updates.redhat.com/5.2/
        samba-2.0.5a-0.5.2.src.rpm

      Intel: ftp://updates.redhat.com/4.2/i386/
        samba-2.0.5a-0.4.2.i386.rpm
        samba-client-2.0.5a-0.4.2.i386.rpm

      Alpha: ftp://updates.redhat.com/4.2/alpha/
        samba-2.0.5a-0.4.2.alpha.rpm
        samba-client-2.0.5a-0.4.2.alpha.rpm

      Sparc: ftp://updates.redhat.com/4.2/sparc/
        samba-2.0.5a-0.4.2.sparc.rpm
        samba-client-2.0.5a-0.4.2.sparc.rpm

      Source: ftp://updates.redhat.com/4.2/
        samba-2.0.5a-0.4.2.src.rpm

    Debian has released updated samba packages as well:

        http://security.debian.org/dists/stable/updates/source/samba_2.0.5a-1.diff.gz
        http://security.debian.org/dists/stable/updates/source/samba_2.0.5a.orig.tar.gz

        http://security.debian.org/dists/stable/updates/binary-all/samba-doc_2.0.5a-1_all.deb
        http://security.debian.org/dists/stable/updates/binary-alpha/samba-common_2.0.5a-1_alpha.deb
        http://security.debian.org/dists/stable/updates/binary-alpha/samba_2.0.5a-1_alpha.deb
        http://security.debian.org/dists/stable/updates/binary-alpha/smbclient_2.0.5a-1_alpha.deb
        http://security.debian.org/dists/stable/updates/binary-alpha/smbfs_2.0.5a-1_alpha.deb
        http://security.debian.org/dists/stable/updates/binary-alpha/smbwrapper_2.0.5a-1_alpha.deb
        http://security.debian.org/dists/stable/updates/binary-alpha/swat_2.0.5a-1_alpha.deb

        http://security.debian.org/dists/stable/updates/binary-i386/samba-common_2.0.5a-1_i386.deb
        http://security.debian.org/dists/stable/updates/binary-i386/samba_2.0.5a-1_i386.deb
        http://security.debian.org/dists/stable/updates/binary-i386/smbclient_2.0.5a-1_i386.deb
        http://security.debian.org/dists/stable/updates/binary-i386/smbfs_2.0.5a-1_i386.deb
        http://security.debian.org/dists/stable/updates/binary-i386/smbwrapper_2.0.5a-1_i386.deb
        http://security.debian.org/dists/stable/updates/binary-i386/swat_2.0.5a-1_i386.deb

        http://security.debian.org/dists/stable/updates/binary-m68k/samba-common_2.0.5a-1_m68k.deb
        http://security.debian.org/dists/stable/updates/binary-m68k/samba_2.0.5a-1_m68k.deb
        http://security.debian.org/dists/stable/updates/binary-m68k/smbclient_2.0.5a-1_m68k.deb
        http://security.debian.org/dists/stable/updates/binary-m68k/smbfs_2.0.5a-1_m68k.deb
        http://security.debian.org/dists/stable/updates/binary-m68k/smbwrapper_2.0.5a-1_m68k.deb
        http://security.debian.org/dists/stable/updates/binary-m68k/swat_2.0.5a-1_m68k.deb

        http://security.debian.org/dists/stable/updates/binary-sparc/samba-common_2.0.5a-1_sparc.deb
        http://security.debian.org/dists/stable/updates/binary-sparc/samba_2.0.5a-1_sparc.deb
        http://security.debian.org/dists/stable/updates/binary-sparc/smbclient_2.0.5a-1_sparc.deb
        http://security.debian.org/dists/stable/updates/binary-sparc/smbfs_2.0.5a-1_sparc.deb
        http://security.debian.org/dists/stable/updates/binary-sparc/smbwrapper_2.0.5a-1_sparc.deb
        http://security.debian.org/dists/stable/updates/binary-sparc/swat_2.0.5a-1_sparc.deb

    These files will be moved into

        ftp://ftp.debian.org/debian/dists/stable/*/binary-$arch/