-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200211-007
- - --------------------------------------------------------------------

PACKAGE : samba
SUMMARY : remote root access
DATE    : 2002-11-21 09:11 UTC
EXPLOIT : remote

- - --------------------------------------------------------------------

- From 2.2.7 release notes:

There was a bug in the length checking for encrypted password change
requests from clients. A client could potentially send an encrypted
password, which, when decrypted with the old hashed password could be
used as a buffer overrun attack on the stack of smbd. The attack would
have to be crafted such that converting a DOS codepage string to little
endian UCS2 unicode would translate into an executable block of code.

Read the full release notes at
http://se.samba.org/samba/whatsnew/samba-2.2.7.html

SOLUTION

It is recommended that all Gentoo Linux users who are running
net-fs/samba-2.2.5-r1 and earlier update their systems as follows:

emerge rsync
emerge samba
emerge clean

- - --------------------------------------------------------------------
[EMAIL PROTECTED] - GnuPG key is available at www.gentoo.org/~aliz
[EMAIL PROTECTED]
- - --------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE93KKCfT7nyhUpoZMRAoZeAKCb7Jdu+glo0BIN3wq4+cDSbmQLKACgnbaY
2+7FwJUYxYALLzhRpckJuNE=
=PWpJ
-----END PGP SIGNATURE-----
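
The class of length check the release notes refer to, shown from the defensive side as an added example (not Samba's code and not part of the advisory): a length field that arrives inside a decrypted buffer is client-controlled, and it must be bounded against both the source area and the destination, which doubles in size when each byte is widened to UCS2. The 512-byte area with a trailing 32-bit length, the right-justified password, and the names `extract_password_ucs2` and `demo` are assumptions for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PW_AREA 512            /* assumed size of the password area */
#define PW_BUF  (PW_AREA + 4)  /* area + 32-bit little-endian length */

/* Read the client-controlled length field as an unsigned value. */
static uint32_t le32(const unsigned char *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Copy the password out of an already-decrypted buffer, widening each byte
 * to little-endian UCS2. Returns bytes written to out, or -1 to reject. */
long extract_password_ucs2(const unsigned char *buf,
                           unsigned char *out, size_t out_size)
{
    uint32_t len = le32(buf + PW_AREA);

    if (len > PW_AREA)                 /* must fit inside the source area */
        return -1;
    if ((size_t)len * 2 > out_size)    /* widened copy must fit in out */
        return -1;

    const unsigned char *src = buf + PW_AREA - len;  /* right-justified */
    for (uint32_t i = 0; i < len; i++) {
        out[2 * i] = src[i];           /* low byte */
        out[2 * i + 1] = 0;            /* high byte (no codepage mapping here) */
    }
    return (long)len * 2;
}

/* Constructed sample: build a buffer claiming `claimed` bytes, then parse it. */
long demo(uint32_t claimed, size_t out_size)
{
    unsigned char buf[PW_BUF], out[PW_AREA * 2];
    memset(buf, 'A', PW_AREA);
    for (int i = 0; i < 4; i++)
        buf[PW_AREA + i] = (unsigned char)(claimed >> (8 * i));
    return extract_password_ucs2(buf, out, out_size);
}

int main(void)
{
    printf("%ld %ld %ld\n", demo(8, 64), demo(600, 64), demo(40, 64));
    return 0;
}
```

Reading the length as unsigned matters: a value such as 0xFFFFFFFF fails the first bound instead of passing a signed comparison as a negative number.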
