Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2009.0003 -- [UNIX/Linux][Ubuntu]
Samba vulnerability
6 January 2009
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: samba
Publisher: Ubuntu
Operating System: Ubuntu
UNIX variants (UNIX, Linux, OSX)
Impact: Inappropriate Access
Access: Existing Account
CVE Names: CVE-2009-0022
Original Bulletin: http://www.ubuntu.com/usn/usn-702-1
Comment: This advisory references vulnerabilities in products which run on
platforms other than Ubuntu. It is recommended that administrators
running Samba check for an updated version of the software for
their operating system.
- --------------------------BEGIN INCLUDED TEXT--------------------
===========================================================
Ubuntu Security Notice USN-702-1 January 05, 2009
samba vulnerability
CVE-2009-0022
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 8.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 8.10:
samba 2:3.2.3-1ubuntu3.4
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
Gunter Hockel discovered that Samba with registry shares enabled did not
properly validate share names. An authenticated user could gain access to the
root filesystem by using an older version of smbclient and specifying an
empty string as a share name. This is only an issue if registry shares are
enabled on the server by setting "registry shares = yes", "include = registry",
or "config backend = registry", which is not the default.
Updated packages for Ubuntu 8.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba_3.2.3-1ubuntu3.4.diff.gz
Size/MD5: 228722 0f792a410505a9918479562ef16ccef4
http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba_3.2.3-1ubuntu3.4.dsc
Size/MD5: 1902 0bda9c946d4f940383ca31bb7ad3e3e8
http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba_3.2.3.orig.tar.gz
Size/MD5: 23704996 c1630a57ac0ec24bc364c6d11c93ec35
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba-doc-pdf_3.2.3-1ubuntu3.4_all.deb
Size/MD5: 6261402 cdfa982dd0b9c04511734aba9cb98f43
http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba-doc_3.2.3-1ubuntu3.4_all.deb
Size/MD5: 7954776 d12c0694fa65e5f7162d5322f6765822
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/s/samba/libpam-smbpass_3.2.3-1ubuntu3.4_amd64.deb
Size/MD5: 638726 cc8150b5214fb77d9dfc019b2526cb7c
http://security.ubuntu.com/ubuntu/pool/main/s/samba/libsmbclient-dev_3.2.3-1ubuntu3.4_amd64.deb
Size/MD5: 1968610 adbbd514e01210d81004f1b9e674701e
http://security.ubuntu.com/ubuntu/pool/main/s/samba/libsmbclient_3.2.3-1ubuntu3.4_amd64.deb
Size/MD5: 1370212 3192295c2170f5342235edcfd5a2044a
http://security.ubuntu.com/ubuntu/pool/main/s/samba/libwbclient0_3.2.3-1ubuntu3.4_amd64.deb
Size/MD5: 89088 fd98b8c2d156a43597d81cb3c05ab3de
http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba-common_3.2.3-1ubuntu3.4_amd64.deb
Size/MD5: 3815552 f36fd7dc29e504467a9e0c08f675dc48
http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba-dbg_3.2.3-1ubuntu3.4_amd64.deb
Size/MD5: 1993446 547e40f9cbc9e94908b9c21b54cf7c1f
http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba-tools_3.2.3-1ubuntu3.4_amd64.deb
Size/MD5: 5802386 e3e7c712a2784007497213bb0cf2d3d1
http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba_3.2.3-1ubuntu3.4_amd64.deb
Size/MD5: 4908532 9188ed5c2e93fcfcc93ffb57aa33a4eb
http://security.ubuntu.com/ubuntu/pool/main/s/samba/smbclient_3.2.3-1ubuntu3.4_amd64.deb
Size/MD5: 7173498 6098ce448371e6cb7ba8a7d1acc82f39
http://security.ubuntu.com/ubuntu/pool/main/s/samba/smbfs_3.2.3-1ubuntu3.4_amd64.deb
Size/MD5: 1529412 99c94bc3bc8b4ca40b70844062cb0158
http://security.ubuntu.com/ubuntu/pool/main/s/samba/swat_3.2.3-1ubuntu3.4_amd64.deb
Size/MD5: 1112728 6e7be6d81d4bb9645fe7049ad1098e24
http://security.ubuntu.com/ubuntu/pool/main/s/samba/winbind_3.2.3-1ubuntu3.4_amd64.deb
Size/MD5: 3349950 4865e691932849cb5d554b27dc8203c6
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/s/samba/libpam-smbpass_3.2.3-1ubuntu3.4_i386.deb
Size/MD5: 574078 2547fa4ec3a2704e7600cfc1682e2678
http://security.ubuntu.com/ubuntu/pool/main/s/samba/libsmbclient-dev_3.2.3-1ubuntu3.4_i386.deb
Size/MD5: 1844540 d766893ef3b88eefe3a5ff236d37a083
http://security.ubuntu.com/ubuntu/pool/main/s/samba/libsmbclient_3.2.3-1ubuntu3.4_i386.deb
Size/MD5: 1217736 fb4a6dcac85271bb5abd3102e246e908
http://security.ubuntu.com/ubuntu/pool/main/s/samba/libwbclient0_3.2.3-1ubuntu3.4_i386.deb
Size/MD5: 87620 145a90245f66ae82c94611c9a5ef90c6
http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba-common_3.2.3-1ubuntu3.4_i386.deb
Size/MD5: 3459480 f83b000101753604b107b969cbafaf38
http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba-dbg_3.2.3-1ubuntu3.4_i386.deb
Size/MD5: 2077500 e4d3bba7c3992d54a002a3de960da088
http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba-tools_3.2.3-1ubuntu3.4_i386.deb
Size/MD5: 5161386 2f816bd0759b5395312b0260b2b1a830
http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba_3.2.3-1ubuntu3.4_i386.deb
Size/MD5: 4368978 e94a0a0065575763eb688719be55bb55
http://security.ubuntu.com/ubuntu/pool/main/s/samba/smbclient_3.2.3-1ubuntu3.4_i386.deb
Size/MD5: 6402838 50306da79199442d648c653563d818e8
http://security.ubuntu.com/ubuntu/pool/main/s/samba/smbfs_3.2.3-1ubuntu3.4_i386.deb
Size/MD5: 1375964 bb03430c3f6d5f0b6a0ce5582fc4d355
http://security.ubuntu.com/ubuntu/pool/main/s/samba/swat_3.2.3-1ubuntu3.4_i386.deb
Size/MD5: 1006606 f296946e86f49c6fb12b6a6fc74e5006
http://security.ubuntu.com/ubuntu/pool/main/s/samba/winbind_3.2.3-1ubuntu3.4_i386.deb
Size/MD5: 2975328 c9581db640df6618b35bf0386817185e
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/s/samba/libpam-smbpass_3.2.3-1ubuntu3.4_lpia.deb
Size/MD5: 553748 4158873bb22c417e2817099582adef0c
http://ports.ubuntu.com/pool/main/s/samba/libsmbclient-dev_3.2.3-1ubuntu3.4_lpia.deb
Size/MD5: 1769190 f6dea760e2013d0902aea9bb366a7117
http://ports.ubuntu.com/pool/main/s/samba/libsmbclient_3.2.3-1ubuntu3.4_lpia.deb
Size/MD5: 1160952 11776d3e92c48211b61d9aad4a83092a
http://ports.ubuntu.com/pool/main/s/samba/libwbclient0_3.2.3-1ubuntu3.4_lpia.deb
Size/MD5: 87062 ac2ead655b9e860e180778bdc3b601d8
http://ports.ubuntu.com/pool/main/s/samba/samba-common_3.2.3-1ubuntu3.4_lpia.deb
Size/MD5: 3328740 fc6f54cab0701fc9c2f9f40712a322aa
http://ports.ubuntu.com/pool/main/s/samba/samba-dbg_3.2.3-1ubuntu3.4_lpia.deb
Size/MD5: 2069796 5a757bef21769a0f99d571a9b16f0f41
http://ports.ubuntu.com/pool/main/s/samba/samba-tools_3.2.3-1ubuntu3.4_lpia.deb
Size/MD5: 4950004 4e7fd36bae326ccc396c16c023ad6789
http://ports.ubuntu.com/pool/main/s/samba/samba_3.2.3-1ubuntu3.4_lpia.deb
Size/MD5: 4197392 34b7b42b2c5ab302afc86abca35cf459
http://ports.ubuntu.com/pool/main/s/samba/smbclient_3.2.3-1ubuntu3.4_lpia.deb
Size/MD5: 6136884 b3f071c6be8fb4b0ae36b9a4f342328c
http://ports.ubuntu.com/pool/main/s/samba/smbfs_3.2.3-1ubuntu3.4_lpia.deb
Size/MD5: 1317220 a2c2ba9a7251b9e66b7541012493a91d
http://ports.ubuntu.com/pool/main/s/samba/swat_3.2.3-1ubuntu3.4_lpia.deb
Size/MD5: 968410 72ced84400e6d8739710fcde6f4bafea
http://ports.ubuntu.com/pool/main/s/samba/winbind_3.2.3-1ubuntu3.4_lpia.deb
Size/MD5: 2855910 d92babc2dda651f130f15e16d887853c
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/s/samba/libpam-smbpass_3.2.3-1ubuntu3.4_powerpc.deb
Size/MD5: 606564 344aced9680f82f2144be4845d4f91a3
http://ports.ubuntu.com/pool/main/s/samba/libsmbclient-dev_3.2.3-1ubuntu3.4_powerpc.deb
Size/MD5: 1730412 8068336341c057b8d95be0601c204e3c
http://ports.ubuntu.com/pool/main/s/samba/libsmbclient_3.2.3-1ubuntu3.4_powerpc.deb
Size/MD5: 1255134 86970b95de4ed88deb2d0497bc532fd6
http://ports.ubuntu.com/pool/main/s/samba/libwbclient0_3.2.3-1ubuntu3.4_powerpc.deb
Size/MD5: 89038 cc4c8f2c4da9b4e8df3608c4a12547fb
http://ports.ubuntu.com/pool/main/s/samba/samba-common_3.2.3-1ubuntu3.4_powerpc.deb
Size/MD5: 3600282 9cd6002671370f4ae3d8a26ff72fb60f
http://ports.ubuntu.com/pool/main/s/samba/samba-dbg_3.2.3-1ubuntu3.4_powerpc.deb
Size/MD5: 2058546 1aecd0379eecc99b41fc6ce2a69309c7
http://ports.ubuntu.com/pool/main/s/samba/samba-tools_3.2.3-1ubuntu3.4_powerpc.deb
Size/MD5: 5474936 044102518d3695912332b4eae9527b4b
http://ports.ubuntu.com/pool/main/s/samba/samba_3.2.3-1ubuntu3.4_powerpc.deb
Size/MD5: 4640066 96726a3b481e8e220d9e1ab27cd31a2f
http://ports.ubuntu.com/pool/main/s/samba/smbclient_3.2.3-1ubuntu3.4_powerpc.deb
Size/MD5: 6653622 f778f74e99accb34e8f385c5804b3d1e
http://ports.ubuntu.com/pool/main/s/samba/smbfs_3.2.3-1ubuntu3.4_powerpc.deb
Size/MD5: 1417512 7a4323d2fe779cb63c7f1ad7387b1b83
http://ports.ubuntu.com/pool/main/s/samba/swat_3.2.3-1ubuntu3.4_powerpc.deb
Size/MD5: 1046216 75bd47fd42c6ae14db5573e8b176137e
http://ports.ubuntu.com/pool/main/s/samba/winbind_3.2.3-1ubuntu3.4_powerpc.deb
Size/MD5: 3123092 d2664b3080094bb24b530513c6359003
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/s/samba/libpam-smbpass_3.2.3-1ubuntu3.4_sparc.deb
Size/MD5: 592718 5debe4b94931b2c88f8fa475f5f77bc4
http://ports.ubuntu.com/pool/main/s/samba/libsmbclient-dev_3.2.3-1ubuntu3.4_sparc.deb
Size/MD5: 2008260 f498681d446a2ad9fc9f524fd077b4ae
http://ports.ubuntu.com/pool/main/s/samba/libsmbclient_3.2.3-1ubuntu3.4_sparc.deb
Size/MD5: 1216100 c01b1c22f857ed00cef34c6c8be07fb9
http://ports.ubuntu.com/pool/main/s/samba/libwbclient0_3.2.3-1ubuntu3.4_sparc.deb
Size/MD5: 87638 08d33dc1f635ce0a7937c944a8009d49
http://ports.ubuntu.com/pool/main/s/samba/samba-common_3.2.3-1ubuntu3.4_sparc.deb
Size/MD5: 3501506 eb3aedcad68acbaa6624173801aebe91
http://ports.ubuntu.com/pool/main/s/samba/samba-dbg_3.2.3-1ubuntu3.4_sparc.deb
Size/MD5: 2007758 a3dfca08a50155f594c51ca801a258ad
http://ports.ubuntu.com/pool/main/s/samba/samba-tools_3.2.3-1ubuntu3.4_sparc.deb
Size/MD5: 5327954 1e480e57d3de6bfcce1a179d23a6d817
http://ports.ubuntu.com/pool/main/s/samba/samba_3.2.3-1ubuntu3.4_sparc.deb
Size/MD5: 4502118 ba2c5b5240d8de234da5e5e006924da4
http://ports.ubuntu.com/pool/main/s/samba/smbclient_3.2.3-1ubuntu3.4_sparc.deb
Size/MD5: 6448130 13a2ae5a41f1d7d026f109986927813b
http://ports.ubuntu.com/pool/main/s/samba/smbfs_3.2.3-1ubuntu3.4_sparc.deb
Size/MD5: 1371138 05fc1469ba4f74621b93b47a3205b1cb
http://ports.ubuntu.com/pool/main/s/samba/swat_3.2.3-1ubuntu3.4_sparc.deb
Size/MD5: 1019768 bf17ef67379f1b0c0ef76d74ffe3cd66
http://ports.ubuntu.com/pool/main/s/samba/winbind_3.2.3-1ubuntu3.4_sparc.deb
Size/MD5: 3029050 88018f0ef574839c0d956e62b5f873d6
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:
http://www.auscert.org.au/render.html?it=3192
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQCVAwUBSWKUxyh9+71yA2DNAQK2eAQAls8JHCxqjixDgCeOrcfuoTjTm5ssx/OQ
3Zx+X7f4j0R2DFPIGC8pc0vZ7GVAHE11yQr1AuL7b15q3EwjJVDJFRMkPfCn28HG
IqWGa/w1SLpZZuLt5rC0DP2PRoeebIiKWIXSb8XdY2AROOGmty/YX1GsVyQk5TEZ
FbbbkL9MR3E=
=93hB
-----END PGP SIGNATURE-----