[1821] in SIPB_Linux_Development
Re: Subject: workaround for Samba bug described by ADM
daemon@ATHENA.MIT.EDU (mhpower@MIT.EDU)
Mon Sep 29 17:56:54 1997
From: mhpower@MIT.EDU
Date: Mon, 29 Sep 1997 17:53:35 -0400
To: fubob@MIT.EDU
Cc: linux-dev@MIT.EDU, efoo@MIT.EDU
In-Reply-To: "[1819] in SIPB_Linux_Development"
Yes, definitely sending mail to linux-announce about this issue is a
good idea. There may be a few other points you could add, if you'd
like. First, there is an RPM available for RedHat 4.2 (I've attached
the mail to redhat-announce-list that mentioned this). I haven't yet
looked into what compatibility issues might occur when attempting to
use this distribution, or part of it, with RedHat 4.0. For example, it
may be possible to extract the smbd binary from this RPM, and use it
as a drop-in replacement for /usr/sbin/smbd on RedHat 4.0 machines.
Second, if you have any information at all about what happened on the
compromised machines, that would probably be helpful. For example,
is there any pattern of new files or new processes that exist on the
compromised dorm machines?
Third (and this is probably a minor issue), the specific
buffer-overflow problem that I made a patch for in my mail Friday
turns out to be one that isn't fixed in the latest Samba distribution,
1.9.17p2. I received mail from a Samba developer today stating that
this additional problem will be fixed in 1.9.17p3. As far as I know,
however, it's not strictly necessary to fix this additional problem in
order to defend against the exploit program posted by ADM.
If you want to mention this at all, you might point out that there
will likely be an additional, more minor, security update to Samba
probably within a few weeks at most.
Matt
------- Forwarded Message
To: redhat-announce-list@redhat.com
Subject: SECURITY: samba-1.9.17p2 available
Date: Fri, 26 Sep 1997 13:14:58 -0400
From: Donnie Barnes <djb@redhat.com>
- -----BEGIN PGP SIGNED MESSAGE-----
This release of samba fixes a security hole that allows remote users
to gain root access to machines running samba servers. The only
exploit posted so far is for samba servers running on Intel platform
machines, but other exploits are likely to be possible so all Red Hat
users are encouraged to update their machines.
Users who are still using Red Hat 4.0 and 4.1 are strongly encouraged
to update to 4.2 and then install this update.
These packages have been signed with Red Hat's PGP key, and are available
as follows:
i386:
rpm -Uvh ftp://ftp.redhat.com/pub/redhat/redhat-4.2/updates/i386/samba-1.9.17p2-1rh.i386.rpm
alpha:
rpm -Uvh ftp://ftp.redhat.com/pub/redhat/redhat-4.2/updates/alpha/samba-1.9.17p2-1rh.alpha.rpm
sparc:
rpm -Uvh ftp://ftp.redhat.com/pub/redhat/redhat-4.2/updates/sparc/samba-1.9.17p2-1rh.sparc.rpm
SRPM:
ftp://ftp.redhat.com/pub/redhat/redhat-4.2/updates/SRPMS/samba-1.9.17p2-1rh.src.rpm
- - --Donnie
- - --
Donnie Barnes http://www.redhat.com/~djb djb@redhat.com "Bah."
Challenge Diversity. Ignore People. Live Life. Use Linux. 2003.
------- End of Forwarded Message
