
Title: Security bugfix for Samba
Released by: SAMBA
Date: 3rd October 1997
-----BEGIN PGP SIGNED MESSAGE-----



IMPORTANT: Security bugfix for Samba - all versions
---------------------------------------------------

A security hole in all versions of Samba has recently been discovered. The security hole allows unauthorized remote users to obtain root access on the Samba server.

An exploit for this security hole has been posted to the internet, so system administrators should assume that this hole is being actively exploited.

The exploit for the security hole is very architecture specific and has only been demonstrated to work for Samba servers running on Intel based platforms. The exploit posted to the internet is specific to Intel Linux servers. It would be very difficult to produce an exploit for other architectures, but it may be possible.

A new release of Samba has now been made that fixes the security hole. The new release is version 1.9.17p2 and is available from:

http://samba.anu.edu.au/pub/samba/samba-1.9.17p2.tar.gz

The md5 checksum of this new version is:

27ac28ccf084268ba5c8c0b3a0ed12e4 b samba-1.9.17p2.tar.gz

This release also adds a routine which logs a message if anyone attempts to take advantage of the security hole. The message (in the Samba log files) will look like this:

        ERROR: Invalid password length 999
        your machine may be under attack by a user exploiting an old bug
        Attack was from IP=aaa.bbb.ccc.ddd

where aaa.bbb.ccc.ddd is the IP address of the machine performing the attack.
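As an added defender-side example (not part of the advisory or of Samba itself), the following Python scans Samba log lines for the three-line warning quoted above, extracts the reported password length and the source address, and also records a warning whose "Attack was from" line never appears (for instance, cut off by log rotation). The sample log lines are constructed for this example; the "[date, level] smbd:" prefix and the names find_attack_events, AttackEvent and attackers_by_count are assumptions, not Samba's real log format or code.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# Patterns for the two informative lines of the warning added in Samba 1.9.17p2.
_LEN_RE = re.compile(r"ERROR: Invalid password length (\d+)")
_IP_RE = re.compile(r"Attack was from IP=(\d{1,3}(?:\.\d{1,3}){3})")

@dataclass
class AttackEvent:
    password_length: int
    source_ip: Optional[str]  # None when the "Attack was from" line never appeared

def find_attack_events(lines: Iterable[str], window: int = 3) -> List[AttackEvent]:
    """Return one event per warning; the IP line must follow within `window` lines."""
    lines = list(lines)
    events: List[AttackEvent] = []
    for i, line in enumerate(lines):
        m = _LEN_RE.search(line)
        if not m:
            continue
        ip = None
        for follow in lines[i + 1:i + 1 + window]:
            if _LEN_RE.search(follow):  # next warning already started; this one is incomplete
                break
            hit = _IP_RE.search(follow)
            if hit:
                ip = hit.group(1)
                break
        events.append(AttackEvent(int(m.group(1)), ip))
    return events

def attackers_by_count(events: Iterable[AttackEvent]) -> Dict[str, int]:
    return dict(Counter(e.source_ip for e in events if e.source_ip))  # per-source totals for alerting

# Constructed sample log (hypothetical format); the third warning is truncated by a rotation.
SAMPLE_LOG = [
    "[1997/10/03 12:00:01, 0] smbd: ERROR: Invalid password length 999",
    "  your machine may be under attack by a user exploiting an old bug",
    "  Attack was from IP=192.0.2.10",
    "[1997/10/03 12:00:02, 2] smbd: connection from 192.0.2.20 accepted",
    "[1997/10/03 12:00:07, 0] smbd: ERROR: Invalid password length 999",
    "  your machine may be under attack by a user exploiting an old bug",
    "  Attack was from IP=192.0.2.10",
    "[1997/10/03 12:01:00, 0] smbd: ERROR: Invalid password length 1024",
    "  your machine may be under attack by a user exploiting an old bug",
    "[1997/10/03 12:01:01, 2] smbd: log file rotated",
]
```

Running find_attack_events(SAMPLE_LOG) yields two complete events from 192.0.2.10 and one event with no source address, so a truncated warning still counts as a sign of an attempt even though it cannot be attributed.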



The "Samba Survey" containing the current list of Samba users that is hosted on the Samba Web site has been temporarily suspended to remove a list of potentially vulnerable sites. All users on this list will be contacted and encouraged to upgrade.

Any new information will be made available on the Samba WWW site at http://samba.anu.edu.au/samba

To report bugs and ask questions about the fix please email: samba-bugs@samba.anu.edu.au.

        The Samba Team
        samba-bugs@samba.anu.edu.au



-----BEGIN PGP SIGNATURE-----
Version: 2.6

-----END PGP SIGNATURE-----