Rapid7 Vulnerability & Exploit Database

RHSA-2003:226: Updated samba packages fix security vulnerabilities


Severity: 10
CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published: 05/05/2003
Created: 07/25/2018
Added: 10/28/2005
Modified: 07/04/2017

Description

Updated Samba packages fixing various security vulnerabilities are now available for Red Hat Linux on IBM iSeries and pSeries systems.

Samba is a suite of utilities providing file and printer sharing services to SMB/CIFS clients.

A buffer overflow in the SMB/CIFS packet fragment re-assembly code for the SMB daemon (smbd) in unpatched versions of Samba before 2.2.8 allows remote attackers to execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0085 to this issue.

The code for writing reg files in Samba before 2.2.8 allows local users to overwrite arbitrary files via a race condition involving chown. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0086 to this issue.

Multiple buffer overflows in Samba before 2.2.8a may allow remote attackers to execute arbitrary code or cause a denial of service, as discovered by the Samba team during a code audit. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0196 to this issue.

A buffer overflow in the call_trans2open function allows remote attackers to execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0201 to this issue.

All users of Samba are advised to update to the packages listed in this erratum, which contain backported patches correcting these vulnerabilities.

Solution(s)

  • redhat-upgrade-samba
  • redhat-upgrade-samba-client
  • redhat-upgrade-samba-common
  • redhat-upgrade-samba-swat
