Published:
28 September 1997
Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-97.124 -- Security bugfix for Samba 29 September 1997 =========================================================================== The Samba Team has released the following advisory concerning a vulnerability in Samba. This vulnerability may allow local and remote users to gain root access. AUSCERT recommends that all sites (not just Intel Linux ones) using Samba upgrade to the current release as described below. The following security bulletin is provided as a service to AUSCERT's members. As AUSCERT did not write this document, AUSCERT has had no control over its content. As such, the decision to use any or all of this information is the responsibility of each user or organisation, and should be done so in accordance with site policies and procedures. Contact information for The Samba Team is included in the Security Bulletin below. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/information/advisories.html If you believe that your system has been compromised, contact AUSCERT or your representative in FIRST (Forum of Incident Response and Security Teams). Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 4477 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AUSCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for emergencies. - --------------------------BEGIN INCLUDED TEXT-------------------- Security bugfix for Samba ------------------------- A security hole in all versions of Samba has been recently discovered. The security hole allows unauthorized remote users to obtain root access on the Samba server. An exploit for this security hole has been posted to the internet so system administrators should assume that this hole is being actively exploited. The exploit for the security hole is very architecture specific and has been only demonstrated to work for Samba servers running on Intel based platforms. The exploit posted to the internet is specific to Intel Linux servers. It would be very difficult to produce an exploit for other architectures but it may be possible. A new release of Samba has now been made that fixes the security hole. The new release is version 1.9.17p2 and is available from ftp://samba.anu.edu.au/pub/samba/samba-1.9.17p2.tar.gz This release also adds a routine which logs a message if anyone attempts to take advantage of the security hole. The message (in the Samba log files) will look like this: ERROR: Invalid password length 999 your machine may be under attack by a user exploiting an old bug Attack was from IP=aaa.bbb.ccc.ddd where aaa.bbb.ccc.ddd is the IP address of the machine performing the attack. Please report any attacks to the appropriate authority. The Samba Team samba-bugs@samba.anu.edu.au - --------------------------END INCLUDED TEXT-------------------- -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: noconv Comment: ftp://ftp.auscert.org.au/pub/auscert/AUSCERT_PGP.key iQCVAwUBNDN5lSh9+71yA2DNAQHk4gQAh03uC0iS1ZiELNAFlhryc2bm4/dacNAt zXCvoNY3BK1zYK5WkFq2w6loyDCGcbhXYGZoOHG315QvCrs8AH/DnSlKxvXxd2MA UTud9mqXmz5CAUd4dp/O3UotXek/CfN67GeAP58lyC75CydKQsP3VBqV2IlgyLNo qfze6oK2kNw= =v2Nq -----END PGP SIGNATURE-----