Bulletin d'alerte Debian

DSA-463-1 samba -- Usurpation de privilège

Date du rapport:

12 mars 2004

Paquets concernés:

Vulnérabilité:

Oui

Références dans la base de données de sécurité:

Dans la base de données de suivi des bogues (chez SecurityFocus) : Identificateur BugTraq 9619.
Dans le dictionnaire CVE du Mitre : CVE-2004-0186.

Pour plus d'information:

Samba, un serveur de fichiers et d'imprimantes du type LanManager pour Unix, contient une faille de sécurité par laquelle un utilisateur local pouvait se servir de l'utilitaire smbmnt, qui a des droits root, pour monter un partage de fichiers depuis un serveur distant contenant des programmes ayant des droits spécifiques sous le contrôle de l'utilisateur. Ces programmes pouvaient alors être exécutés pour obtenir les privilèges sur le système local.

Pour la distribution stable (Woody), ce problème a été corrigé dans la version 2.2.3a-13.

Pour la distribution instable (Sid), ce problème sera corrigé dans la version 3.0.2-2.

Nous vous recommandons de mettre à jour votre paquet samba.

Corrigé dans:

Debian GNU/Linux 3.0 (woody)

Source :: http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-13.dsc; http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-13.diff.gz; http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a.orig.tar.gz
Composant indépendant de l'architecture :: http://security.debian.org/pool/updates/main/s/samba/samba-doc_2.2.3a-13_all.deb
Alpha:: http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-13_alpha.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-13_alpha.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-13_alpha.deb; http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-13_alpha.deb; http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-13_alpha.deb; http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-13_alpha.deb; http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-13_alpha.deb; http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-13_alpha.deb; http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-13_alpha.deb
ARM:: http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-13_arm.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-13_arm.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-13_arm.deb; http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-13_arm.deb; http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-13_arm.deb; http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-13_arm.deb; http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-13_arm.deb; http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-13_arm.deb; http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-13_arm.deb
Intel IA-32:: http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-13_i386.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-13_i386.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-13_i386.deb; http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-13_i386.deb; http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-13_i386.deb; http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-13_i386.deb; http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-13_i386.deb; http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-13_i386.deb; http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-13_i386.deb
Intel IA-64:: http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-13_ia64.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-13_ia64.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-13_ia64.deb; http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-13_ia64.deb; http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-13_ia64.deb; http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-13_ia64.deb; http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-13_ia64.deb; http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-13_ia64.deb; http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-13_ia64.deb
HPPA:: http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-13_hppa.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-13_hppa.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-13_hppa.deb; http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-13_hppa.deb; http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-13_hppa.deb; http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-13_hppa.deb; http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-13_hppa.deb; http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-13_hppa.deb; http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-13_hppa.deb
Motorola 680x0:: http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-13_m68k.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-13_m68k.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-13_m68k.deb; http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-13_m68k.deb; http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-13_m68k.deb; http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-13_m68k.deb; http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-13_m68k.deb; http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-13_m68k.deb; http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-13_m68k.deb
Big endian MIPS:: http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-13_mips.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-13_mips.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-13_mips.deb; http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-13_mips.deb; http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-13_mips.deb; http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-13_mips.deb; http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-13_mips.deb; http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-13_mips.deb; http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-13_mips.deb
Little endian MIPS:: http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12.3_mipsel.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12.3_mipsel.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12.3_mipsel.deb; http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.3_mipsel.deb; http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12.3_mipsel.deb; http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12.3_mipsel.deb; http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12.3_mipsel.deb; http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12.3_mipsel.deb; http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12.3_mipsel.deb
PowerPC:: http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-13_powerpc.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-13_powerpc.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-13_powerpc.deb; http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-13_powerpc.deb; http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-13_powerpc.deb; http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-13_powerpc.deb; http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-13_powerpc.deb; http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-13_powerpc.deb; http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-13_powerpc.deb
IBM S/390:: http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-13_s390.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-13_s390.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-13_s390.deb; http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-13_s390.deb; http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-13_s390.deb; http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-13_s390.deb; http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-13_s390.deb; http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-13_s390.deb; http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-13_s390.deb
Sun Sparc:: http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-13_sparc.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-13_sparc.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-13_sparc.deb; http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-13_sparc.deb; http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-13_sparc.deb; http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-13_sparc.deb; http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-13_sparc.deb; http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-13_sparc.deb; http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-13_sparc.deb

Les sommes MD5 des fichiers indiqués sont disponibles sur la page originale de l'alerte de sécurité.