Aviso de seguridad de Debian

DSA-200-1 samba -- explotación remota

Fecha del informe:

22 de nov de 2002

Paquetes afectados:

samba

Vulnerable:

Sí

Referencias a bases de datos de seguridad:

En el diccionario CVE de Mitre: CVE-2002-1318.

Información adicional:

Steve Langasek encontró un error explotable en el código de gestión de contraseñas en Samba: al convertir desde el código de página de DOS a Unicode little endian UCS2, no se verificaba la longitud del búfer y podía ocurrir un desbordamiento. No hay ningún programa conocido que se aproveche de esto, pero se recomienda encarecidamente una actualización.

Este problema ha sido corregido en la versión 2.2.3a-12 de los paquetes Samba de Debian y en la versión 2.2.7 del autor.

Arreglado en:

Debian GNU/Linux 3.0 (woody)

Fuentes:: http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.dsc; http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a.orig.tar.gz; http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.diff.gz
Componentes independientes de la arquitectura:: http://security.debian.org/pool/updates/main/s/samba/samba-doc_2.2.3a-12_all.deb
alpha (DEC Alpha):: http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12_alpha.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12_alpha.deb; http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12_alpha.deb; http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12_alpha.deb; http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12_alpha.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12_alpha.deb; http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12_alpha.deb; http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12_alpha.deb; http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12_alpha.deb
arm (ARM):: http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12_arm.deb; http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12_arm.deb; http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12_arm.deb; http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12_arm.deb; http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12_arm.deb; http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12_arm.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12_arm.deb; http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12_arm.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12_arm.deb
hppa (HP PA RISC):: http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12_hppa.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12_hppa.deb; http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12_hppa.deb; http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12_hppa.deb; http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12_hppa.deb; http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12_hppa.deb; http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12_hppa.deb; http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12_hppa.deb; http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12_hppa.deb
i386 (Intel ia32):: http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12_i386.deb; http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12_i386.deb; http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12_i386.deb; http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12_i386.deb; http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12_i386.deb; http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12_i386.deb; http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12_i386.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12_i386.deb; http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12_i386.deb
ia64 (Intel ia64):: http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12_ia64.deb; http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12_ia64.deb; http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12_ia64.deb; http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12_ia64.deb; http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12_ia64.deb; http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12_ia64.deb; http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12_ia64.deb; http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12_ia64.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12_ia64.deb
powerpc (PowerPC):: http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12_powerpc.deb; http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12_powerpc.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12_powerpc.deb; http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12_powerpc.deb; http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12_powerpc.deb; http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12_powerpc.deb; http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12_powerpc.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12_powerpc.deb; http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12_powerpc.deb
s390 (IBM S/390):: http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12_s390.deb; http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12_s390.deb; http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12_s390.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12_s390.deb; http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12_s390.deb; http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12_s390.deb; http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12_s390.deb; http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12_s390.deb; http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12_s390.deb
sparc (Sun SPARC/UltraSPARC):: http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12_sparc.deb; http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12_sparc.deb; http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12_sparc.deb; http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12_sparc.deb; http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12_sparc.deb; http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12_sparc.deb; http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12_sparc.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12_sparc.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12_sparc.deb

Las sumas MD5 de los ficheros que se listan están disponibles en el aviso original.

Esta página también está disponible en los siguientes idiomas:

dansk Deutsch English français Italiano 日本語 (Nihongo) Português suomi svenska 中文(简) 中文(HK) 中文(繁)

Cómo modificar el idioma por defecto de los documentos

Para informar de un problema con el servidor web, por favor, envíe un correo (en inglés) a debian-www@lists.debian.org. Para consultar información de contacto adicional consulte la página de contactos de Debian.