AUSCERT External Security Bulletin Redistribution

                  ESB-97.124 -- Security bugfix for Samba
                            29 September 1997


The Samba Team has released the following advisory concerning a vulnerability
in Samba.  This vulnerability may allow local and remote users to gain
root access.  AUSCERT recommends that all sites (not just Intel Linux
ones) using Samba upgrade to the current release as described below.

The following security bulletin is provided as a service to AUSCERT's
members.  As AUSCERT did not write this document, AUSCERT has had no
control over its content.  As such, the decision to use any or all of this
information is the responsibility of each user or organisation, and should
be done so in accordance with site policies and procedures.

Contact information for The Samba Team is included in the Security Bulletin
below.  If you have any questions or need further information, please
contact them directly.

Previous advisories and external security bulletins can be retrieved from:


If you believe that your system has been compromised, contact AUSCERT or your
representative in FIRST (Forum of Incident Response and Security Teams).

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 4477
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
	AUSCERT personnel answer during Queensland business hours
	which are GMT+10:00 (AEST).
	On call after hours for emergencies.

- --------------------------BEGIN INCLUDED TEXT--------------------

		Security bugfix for Samba

A security hole in all versions of Samba has been recently
discovered. The security hole allows unauthorized remote users to
obtain root access on the Samba server.

An exploit for this security hole has been posted to the internet so
system administrators should assume that this hole is being actively

The exploit for the security hole is very architecture specific and
has been only demonstrated to work for Samba servers running on Intel
based platforms. The exploit posted to the internet is specific to
Intel Linux servers. It would be very difficult to produce an exploit
for other architectures but it may be possible.

A new release of Samba has now been made that fixes the security
hole. The new release is version 1.9.17p2 and is available from

This release also adds a routine which logs a message if anyone
attempts to take advantage of the security hole. The message (in the
Samba log files) will look like this:

	ERROR: Invalid password length 999
	your machine may be under attack by a user exploiting an old bug
	Attack was from IP=aaa.bbb.ccc.ddd

where aaa.bbb.ccc.ddd is the IP address of the machine performing the attack.

Please report any attacks to the appropriate authority.

	The Samba Team

- --------------------------END INCLUDED TEXT--------------------

Version: 2.6.3i
Charset: noconv
Comment: ftp://ftp.auscert.org.au/pub/auscert/AUSCERT_PGP.key