From owner-freebsd-security Fri Sep 26 21:07:17 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id VAA21873 for security-outgoing; Fri, 26 Sep 1997 21:07:17 -0700 (PDT) Received: from mail.san.rr.com (san.rr.com [204.210.0.1]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id VAA21856 for ; Fri, 26 Sep 1997 21:07:10 -0700 (PDT) Received: from dt5h1n61.san.rr.com (dt5h1n61.san.rr.com [204.210.31.97]) by mail.san.rr.com (8.8.7/8.8.7) with SMTP id UAA27890 for ; Fri, 26 Sep 1997 20:19:24 -0700 (PDT) Message-Id: <199709270319.UAA27890@mail.san.rr.com> From: "Studded" To: "freebsd-security@freebsd.org" Date: Fri, 26 Sep 97 20:19:09 -0700 Reply-To: "Studded" Priority: Normal X-Mailer: PMMail 1.92 For OS/2 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Subject: samba security fix going into 2.2.5? Sender: owner-freebsd-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk I saw this on bugtraq today, and haven't noticed any comments about it. Yes, I know that the freebsd team members read bugtraq, I just wanted to be sure it was getting attention. :) Doug ==================BEGIN FORWARDED MESSAGE================== >Date: Sat, 27 Sep 1997 00:07:19 +1000 >Reply-To: Andrew.Tridgell@anu.edu.au >Sender: Bugtraq List >From: Andrew Tridgell >Subject: Security bugfix for Samba >To: BUGTRAQ@NETSPACE.ORG Security bugfix for Samba ------------------------- A security hole in all versions of Samba has been recently discovered. The security hole allows unauthorized remote users to obtain root access on the Samba server. An exploit for this security hole has been posted to the internet so system administrators should assume that this hole is being actively exploited. The exploit for the security hole is very architecture specific and has been only demonstrated to work for Samba servers running on Intel based platforms. The exploit posted to the internet is specific to Intel Linux servers. It would be very difficult to produce an exploit for other architectures but it may be possible. A new release of Samba has now been made that fixes the security hole. The new release is version 1.9.17p2 and is available from ftp://samba.anu.edu.au/pub/samba/samba-1.9.17p2.tar.gz This release also adds a routine which logs a message if anyone attempts to take advantage of the security hole. The message (in the Samba log files) will look like this: ERROR: Invalid password length 999 you're machine may be under attack by a user exploiting an old bug Attack was from IP=aaa.bbb.ccc.ddd where aaa.bbb.ccc.ddd is the IP address of the machine performing the attack. The Samba Team samba-bugs@samba.anu.edu.au ===================END FORWARDED MESSAGE=================== Do thou amend thy face, and I'll amend my life. -Shakespeare, "Henry V"