Bulletin d'alerte Debian

DSA-200-1 samba -- Exploitation à distance

Date du rapport:

22 novembre 2002

Paquets concernés:

samba

Vulnérabilité:

Oui

Références dans la base de données de sécurité:

Dans le dictionnaire CVE du Mitre : CVE-2002-1318.

Pour plus d'information:

Steve Langasek a découvert un bogue exploitable dans le code qui gère les mots de passe dans samba. En convertissant un code de page DOS à un code de page petit boutiste UCS2 unicode, samba ne contrôle pas la longueur d'un tampon, si bien qu'il peut déborder. Il n'y a pas d'exploitation connue pour cette faille, mais une mise à jour est fortement conseillée.

Ce problème a été corrigé dans la version 2.2.3a-12 pour les paquets Debian samba et dans la version 2.2.7 dans la version des auteurs.

Corrigé dans:

Debian GNU/Linux 3.0 (woody)

Source :: http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.dsc; http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a.orig.tar.gz; http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.diff.gz
Composant indépendant de l'architecture :: http://security.debian.org/pool/updates/main/s/samba/samba-doc_2.2.3a-12_all.deb
alpha (DEC Alpha):: http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12_alpha.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12_alpha.deb; http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12_alpha.deb; http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12_alpha.deb; http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12_alpha.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12_alpha.deb; http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12_alpha.deb; http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12_alpha.deb; http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12_alpha.deb
arm (ARM):: http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12_arm.deb; http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12_arm.deb; http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12_arm.deb; http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12_arm.deb; http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12_arm.deb; http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12_arm.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12_arm.deb; http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12_arm.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12_arm.deb
hppa (HP PA RISC):: http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12_hppa.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12_hppa.deb; http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12_hppa.deb; http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12_hppa.deb; http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12_hppa.deb; http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12_hppa.deb; http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12_hppa.deb; http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12_hppa.deb; http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12_hppa.deb
i386 (Intel ia32):: http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12_i386.deb; http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12_i386.deb; http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12_i386.deb; http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12_i386.deb; http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12_i386.deb; http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12_i386.deb; http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12_i386.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12_i386.deb; http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12_i386.deb
ia64 (Intel ia64):: http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12_ia64.deb; http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12_ia64.deb; http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12_ia64.deb; http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12_ia64.deb; http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12_ia64.deb; http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12_ia64.deb; http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12_ia64.deb; http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12_ia64.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12_ia64.deb
powerpc (PowerPC):: http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12_powerpc.deb; http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12_powerpc.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12_powerpc.deb; http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12_powerpc.deb; http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12_powerpc.deb; http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12_powerpc.deb; http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12_powerpc.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12_powerpc.deb; http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12_powerpc.deb
s390 (IBM S/390):: http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12_s390.deb; http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12_s390.deb; http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12_s390.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12_s390.deb; http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12_s390.deb; http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12_s390.deb; http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12_s390.deb; http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12_s390.deb; http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12_s390.deb
sparc (Sun SPARC/UltraSPARC):: http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12_sparc.deb; http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12_sparc.deb; http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12_sparc.deb; http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12_sparc.deb; http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12_sparc.deb; http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12_sparc.deb; http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12_sparc.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12_sparc.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12_sparc.deb

Les sommes MD5 des fichiers indiqués sont disponibles sur la page originale de l'alerte de sécurité.

Cette page est aussi disponible dans les langues suivantes :

dansk Deutsch English español Italiano 日本語 (Nihongo) Português suomi svenska 中文(简) 中文(HK) 中文(繁)

Comment configurer la langue par défaut du document

Pour signaler un problème sur le site web, envoyez un courriel en anglais à debian-www@lists.debian.org ou en français à debian-l10n-french@lists.debian.org. Pour obtenir d'autres informations, référez-vous à la page contact de Debian.