Your message dated Wed, 15 Sep 2010 08:33:50 +0000
with message-id <[email protected]>
and subject line Bug#596891: fixed in samba 2:3.5.5~dfsg-1
has caused the Debian Bug report #596891,
regarding samba: CVE-2010-3069: buffer overrun vulnerability Available
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
596891: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=596891
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: samba
Severity: critical
Tags: security
This vulnerability has been unveiled publicly without prior warning,
so probably exploits can be in the wild already.
3.2 from lenny is affected, too. Backporting the fix seems trivial and
I think we'll be working on it ASAP.
----- Forwarded message from Karolin Seeger <[email protected]> -----
Date: Tue, 14 Sep 2010 13:14:28 +0200
From: Karolin Seeger <[email protected]>
To: [email protected], [email protected], [email protected]
Subject: [Announce] Samba 3.5.5, 3.4.9 and 3.3.14 Security Releases Available
Organization: SerNet GmbH, Goettingen, Germany
Release Announcements
=====================
These are security releases in order to address CVE-2010-3069.
o CVE-2010-3069:
All current released versions of Samba are vulnerable to
a buffer overrun vulnerability. The sid_parse() function
(and related dom_sid_parse() function in the source4 code)
do not correctly check their input lengths when reading a
binary representation of a Windows SID (Security ID). This
allows a malicious client to send a sid that can overflow
the stack variable that is being used to store the SID in the
Samba smbd server.
Changes
-------
o Jeremy Allison <[email protected]>
* BUG 7669: Fix for CVE-2010-3069.
o Andrew Bartlett <[email protected]>
* BUG 7669: Fix for CVE-2010-3069.
######################################################################
Reporting bugs & Development Discussion
#######################################
Please discuss this release on the samba-technical mailing list or by
joining the #samba-technical IRC channel on irc.freenode.net.
If you do report problems then please try to send high quality
feedback. If you don't provide vital information to help us track down
the problem then you will probably be ignored. All bug reports should
be filed under the corresponding Samba product in the project's Bugzilla
database (https://bugzilla.samba.org/).
======================================================================
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
======================================================================
================
Download Details
================
The uncompressed tarballs and patch files have been signed
using GnuPG (ID 6568B7EA). The source code can be downloaded
from:
http://download.samba.org/samba/ftp/
The release notes are available online at:
http://www.samba.org/samba/ftp/history/samba-3.3.14.html
http://www.samba.org/samba/ftp/history/samba-3.4.9.html
http://www.samba.org/samba/ftp/history/samba-3.5.5.html
Binary packages will be made available on a volunteer basis from
http://download.samba.org/samba/ftp/Binary_Packages/
Our Code, Our Bugs, Our Responsibility.
(https://bugzilla.samba.org/)
--Enjoy
The Samba Team
----- End forwarded message -----
--- End Message ---
--- Begin Message ---
Source: samba
Source-Version: 2:3.5.5~dfsg-1
We believe that the bug you reported is fixed in the latest version of
samba, which is due to be installed in the Debian FTP archive:
libpam-smbpass_3.5.5~dfsg-1_i386.deb
to main/s/samba/libpam-smbpass_3.5.5~dfsg-1_i386.deb
libsmbclient-dev_3.5.5~dfsg-1_i386.deb
to main/s/samba/libsmbclient-dev_3.5.5~dfsg-1_i386.deb
libsmbclient_3.5.5~dfsg-1_i386.deb
to main/s/samba/libsmbclient_3.5.5~dfsg-1_i386.deb
libwbclient0_3.5.5~dfsg-1_i386.deb
to main/s/samba/libwbclient0_3.5.5~dfsg-1_i386.deb
samba-common-bin_3.5.5~dfsg-1_i386.deb
to main/s/samba/samba-common-bin_3.5.5~dfsg-1_i386.deb
samba-common_3.5.5~dfsg-1_all.deb
to main/s/samba/samba-common_3.5.5~dfsg-1_all.deb
samba-dbg_3.5.5~dfsg-1_i386.deb
to main/s/samba/samba-dbg_3.5.5~dfsg-1_i386.deb
samba-doc-pdf_3.5.5~dfsg-1_all.deb
to main/s/samba/samba-doc-pdf_3.5.5~dfsg-1_all.deb
samba-doc_3.5.5~dfsg-1_all.deb
to main/s/samba/samba-doc_3.5.5~dfsg-1_all.deb
samba-tools_3.5.5~dfsg-1_i386.deb
to main/s/samba/samba-tools_3.5.5~dfsg-1_i386.deb
samba_3.5.5~dfsg-1.debian.tar.gz
to main/s/samba/samba_3.5.5~dfsg-1.debian.tar.gz
samba_3.5.5~dfsg-1.dsc
to main/s/samba/samba_3.5.5~dfsg-1.dsc
samba_3.5.5~dfsg-1_i386.deb
to main/s/samba/samba_3.5.5~dfsg-1_i386.deb
samba_3.5.5~dfsg.orig.tar.bz2
to main/s/samba/samba_3.5.5~dfsg.orig.tar.bz2
smbclient_3.5.5~dfsg-1_i386.deb
to main/s/samba/smbclient_3.5.5~dfsg-1_i386.deb
swat_3.5.5~dfsg-1_i386.deb
to main/s/samba/swat_3.5.5~dfsg-1_i386.deb
winbind_3.5.5~dfsg-1_i386.deb
to main/s/samba/winbind_3.5.5~dfsg-1_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Christian Perrier <[email protected]> (supplier of updated samba package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Tue, 14 Sep 2010 23:03:35 +0200
Source: samba
Binary: samba samba-common-bin samba-common samba-tools smbclient swat
samba-doc samba-doc-pdf libpam-smbpass libsmbclient libsmbclient-dev winbind
samba-dbg libwbclient0
Architecture: source all i386
Version: 2:3.5.5~dfsg-1
Distribution: unstable
Urgency: high
Maintainer: Debian Samba Maintainers <[email protected]>
Changed-By: Christian Perrier <[email protected]>
Description:
libpam-smbpass - pluggable authentication module for Samba
libsmbclient - shared library for communication with SMB/CIFS servers
libsmbclient-dev - development files for libsmbclient
libwbclient0 - Samba winbind client library
samba - SMB/CIFS file, print, and login server for Unix
samba-common - common files used by both the Samba server and client
samba-common-bin - common files used by both the Samba server and client
samba-dbg - Samba debugging symbols
samba-doc - Samba documentation
samba-doc-pdf - Samba documentation in PDF format
samba-tools - Samba testing utilities
smbclient - command-line SMB/CIFS clients for Unix
swat - Samba Web Administration Tool
winbind - Samba nameservice integration server
Closes: 594325 596040 596164 596891
Changes:
samba (2:3.5.5~dfsg-1) unstable; urgency=high
.
[ Christian Perrier ]
* New upstream release. Security release fixing:
- CVE-2019-3069: Buffer overrun vulnerability in sid_parse.
Closes: #596891.
* Fix comment in swat's postinst. It is not turned off by default
Closes: #596040
* Drop transition code from (pre-etch) 3.0.20b-3 version in swat postinst
.
[ Steve Langasek ]
* debian/control: winbind needs libpam-runtime (>= 1.0.1-6) for
pam-auth-update. Closes: #594325.
.
[ Debconf translations ]
* Arabic (Ossama Khayat). Closes: #596164
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iD8DBQFMkHc61OXtrMAUPS0RAomeAJ4iOwi43+tz8WthepNLlXSgUiiq7QCgvQAC
XZU2bytqtXu2YEkst/VAQmA=
=yIf7
-----END PGP SIGNATURE-----
--- End Message ---