Mandriva Linux Security Advisory 2010-141 - The chain_reply function in process.c in smbd in Samba before 3.4.8 and 3.5.x before 3.5.2 allows remote attackers to cause a denial of service via a Negotiate Protocol request with a certain 0x0003 field value followed by a Session Setup AndX request with a certain 0x8003 field value. The reply_sesssetup_and_X_spnego function in sesssetup.c in smbd in Samba before 3.4.8 and 3.5.x before 3.5.2 allows remote attackers to trigger an out-of-bounds read, and cause a denial of service (process crash), via a \\xff\\xff security blob length in a Session Setup AndX request. The updated packages provides samba 3.4.8 which is not vulnerable to these issues.
7ee6ee198ea7396983a1a87bc200592fcb2964ad00adfeb360b908b1b52b81e4
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2010:141
http://www.mandriva.com/security/
_______________________________________________________________________
Package : samba
Date : July 27, 2010
Affected: 2010.0
_______________________________________________________________________
Problem Description:
Multiple vulnerabilities has been discovered and corrected in samba:
The chain_reply function in process.c in smbd in Samba before 3.4.8 and
3.5.x before 3.5.2 allows remote attackers to cause a denial of service
(NULL pointer dereference and process crash) via a Negotiate Protocol
request with a certain 0x0003 field value followed by a Session Setup
AndX request with a certain 0x8003 field value (CVE-2010-1635).
The reply_sesssetup_and_X_spnego function in sesssetup.c in smbd in
Samba before 3.4.8 and 3.5.x before 3.5.2 allows remote attackers to
trigger an out-of-bounds read, and cause a denial of service (process
crash), via a \xff\xff security blob length in a Session Setup AndX
request (CVE-2010-1642).
The updated packages provides samba 3.4.8 which is not vulnerable to
these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1635
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1642
http://samba.org/samba/history/samba-3.4.8.html
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2010.0:
7448da14d3cd38e46ef194ce171215c4 2010.0/i586/libnetapi0-3.4.8-0.1mdv2010.0.i586.rpm
06c3fc5e7c685893a18fc6f4d8a2922a 2010.0/i586/libnetapi-devel-3.4.8-0.1mdv2010.0.i586.rpm
68ab1439a074c1f8d4662d9ee5799076 2010.0/i586/libsmbclient0-3.4.8-0.1mdv2010.0.i586.rpm
a10ab609798c947213f372c19b325dd5 2010.0/i586/libsmbclient0-devel-3.4.8-0.1mdv2010.0.i586.rpm
009d6e6bd9f84f9cee5b07930425b955 2010.0/i586/libsmbclient0-static-devel-3.4.8-0.1mdv2010.0.i586.rpm
0e1188b9bae8a6cfee48a6a1e09551f1 2010.0/i586/libsmbsharemodes0-3.4.8-0.1mdv2010.0.i586.rpm
309d86578c162b1df920f63f8c557b43 2010.0/i586/libsmbsharemodes-devel-3.4.8-0.1mdv2010.0.i586.rpm
ba544bd939276b14d73b3b2101b754dc 2010.0/i586/libwbclient0-3.4.8-0.1mdv2010.0.i586.rpm
d2441a3fbabd411a0b10dc3de9e0b1ab 2010.0/i586/libwbclient-devel-3.4.8-0.1mdv2010.0.i586.rpm
ed856faed4546f7984a5b97fd56e8a1c 2010.0/i586/mount-cifs-3.4.8-0.1mdv2010.0.i586.rpm
81983af0fd7c6d5ac2eaba11ff56039e 2010.0/i586/nss_wins-3.4.8-0.1mdv2010.0.i586.rpm
d9e710c53bd905be68601fd3f72e1624 2010.0/i586/samba-client-3.4.8-0.1mdv2010.0.i586.rpm
99097a7153e6694bd94d078c31de0cb4 2010.0/i586/samba-common-3.4.8-0.1mdv2010.0.i586.rpm
dfa4a8a6ed149ca3cf1aa5af62b517fe 2010.0/i586/samba-doc-3.4.8-0.1mdv2010.0.i586.rpm
77d65fb7fed8dad1f23863df8e90d810 2010.0/i586/samba-server-3.4.8-0.1mdv2010.0.i586.rpm
dd3e5136d2e9955c15273eafe0a68285 2010.0/i586/samba-swat-3.4.8-0.1mdv2010.0.i586.rpm
b77cad772f69755e270076bc9bce9e85 2010.0/i586/samba-winbind-3.4.8-0.1mdv2010.0.i586.rpm
108c4366915b69a5d16cf9e550c1a07c 2010.0/SRPMS/samba-3.4.8-0.1mdv2010.0.src.rpm
Mandriva Linux 2010.0/X86_64:
dc3ea8121670006d7f6cf03e55bc6847 2010.0/x86_64/lib64netapi0-3.4.8-0.1mdv2010.0.x86_64.rpm
667c0a292b645a34e0ef69f868b50c1e 2010.0/x86_64/lib64netapi-devel-3.4.8-0.1mdv2010.0.x86_64.rpm
86867f07f941e401d729da99db8999c7 2010.0/x86_64/lib64smbclient0-3.4.8-0.1mdv2010.0.x86_64.rpm
4bf349bed200e12b58a7b770bb380a4d 2010.0/x86_64/lib64smbclient0-devel-3.4.8-0.1mdv2010.0.x86_64.rpm
166403ad036554045969d15c5d7930ce 2010.0/x86_64/lib64smbclient0-static-devel-3.4.8-0.1mdv2010.0.x86_64.rpm
a27c18efe52f8bd84e3c9fe0397330f5 2010.0/x86_64/lib64smbsharemodes0-3.4.8-0.1mdv2010.0.x86_64.rpm
321fb245fffeaf5eb51a2374a98d82aa 2010.0/x86_64/lib64smbsharemodes-devel-3.4.8-0.1mdv2010.0.x86_64.rpm
5c2e728292c68ba9e2792243884aec1e 2010.0/x86_64/lib64wbclient0-3.4.8-0.1mdv2010.0.x86_64.rpm
2592b742d650311a8e41c424108fea35 2010.0/x86_64/lib64wbclient-devel-3.4.8-0.1mdv2010.0.x86_64.rpm
24aba98967dc4d1344761042c3f690b8 2010.0/x86_64/mount-cifs-3.4.8-0.1mdv2010.0.x86_64.rpm
6ee9b8449e0f3098c97ee3375b4ac1fa 2010.0/x86_64/nss_wins-3.4.8-0.1mdv2010.0.x86_64.rpm
8d965d364efd1811663942e994177613 2010.0/x86_64/samba-client-3.4.8-0.1mdv2010.0.x86_64.rpm
7b12626da40ff3a0d99af999b4025031 2010.0/x86_64/samba-common-3.4.8-0.1mdv2010.0.x86_64.rpm
d85b87de309397eaef937367f692a162 2010.0/x86_64/samba-doc-3.4.8-0.1mdv2010.0.x86_64.rpm
2072d71d0788f78ae0fbaee6c8d6ffcb 2010.0/x86_64/samba-server-3.4.8-0.1mdv2010.0.x86_64.rpm
88efc944e7a50f88c461fc8396680a71 2010.0/x86_64/samba-swat-3.4.8-0.1mdv2010.0.x86_64.rpm
e1cdabf9142b48ec1d4573162d48cdf1 2010.0/x86_64/samba-winbind-3.4.8-0.1mdv2010.0.x86_64.rpm
108c4366915b69a5d16cf9e550c1a07c 2010.0/SRPMS/samba-3.4.8-0.1mdv2010.0.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFMTuDAmqjQ0CJFipgRAq+cAKCGuYjBRT4imHhGvLBBoECfH1aeMACfS8Ds
WGQC7SJBb9VtWWkuTKJenpQ=
=U4M8
-----END PGP SIGNATURE-----