os/doc
3
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
doc/share/security/advisories/FreeBSD-SN-03:01.asc
Bjoern A. Zeeb 3571e53040 Import FreeBSD Security Advisories and Errata Notices, as well as their 
patches for easier mirroring, to eliminate a special copy, to make
www.freebsd.org/security a full copy of security.freebsd.org and be
eventually be the same.

For now files are just sitting there.   The symlinks are missing.

Discussed on:	www (repository location)
Discussed with:	simon (so)
2012-08-15 06:19:40 +00:00

111 lines
4.4 KiB
Text
Raw Blame History

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SN-03:01 Security Notice
The FreeBSD Project
Topic: security issue in samba ports
Announced: 2003-04-07
I. Introduction
Several ports in the FreeBSD Ports Collection are affected by security
issues. These are listed below with references and affected versions.
All versions given refer to the FreeBSD port/package version numbers.
The listed vulnerabilities are not specific to FreeBSD unless
otherwise noted.
These ports are not installed by default, nor are they ``part of
FreeBSD'' as such. The FreeBSD Ports Collection contains thousands of
third-party applications in a ready-to-install format. FreeBSD makes
no claim about the security of these third-party applications. See
<URL:http://www.freebsd.org/ports/> for more information about the
FreeBSD Ports Collection.
II. Ports
+------------------------------------------------------------------------+
Port name: net/samba
Affected: versions < samba-2.2.8_2, samba-2.2.8a
Status: Fixed
Two vulnerabilities recently:
(1) Sebastian Krahmer of the SuSE Security Team identified
vulnerabilities that could lead to arbitrary code execution as root,
as well as a race condition that could allow overwriting of system
files. (This vulnerability was previously fixed in Samba 2.2.8.)
(2) Digital Defense, Inc. reports: ``This vulnerability, if exploited
correctly, leads to an anonymous user gaining root access on a Samba
serving system. All versions of Samba up to and including Samba 2.2.8
are vulnerable. Alpha versions of Samba 3.0 and above are *NOT*
vulnerable.''
<URL: http://us1.samba.org/samba/whatsnew/samba-2.2.8.html >
<URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0085 >
<URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0086 >
<URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0196 >
<URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0201 >
+------------------------------------------------------------------------+
Port name: net/samba-tng
Affected: all versions
Status: Not fixed
Some or all of the vulnerabilities affecting Samba may also affect
Samba-TNG. No confirmation or official patches are available at the
time of this security notice.
+------------------------------------------------------------------------+
III. Upgrading Ports/Packages
To upgrade a fixed port/package, perform one of the following:
1) Upgrade your Ports Collection and rebuild and reinstall the port.
Several tools are available in the Ports Collection to make this
easier. See:
/usr/ports/devel/portcheckout
/usr/ports/misc/porteasy
/usr/ports/sysutils/portupgrade
2) Deinstall the old package and install a new package obtained from
[FreeBSD 4.x, i386]
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/All/
[FreeBSD 5.x, i386]
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/All/
Packages are not automatically generated for other architectures at
this time.
Note that new, official packages may not be available on all mirrors
immediately. In the interim, Security Officer-generated packages (and
detached digital signatures) are available for the i386 architecture
at:
[FreeBSD 4.x, i386]
ftp://ftp2.FreeBSD.org/pub/FreeBSD/security-officer/ports/i386/packages-4-stable/samba-2.2.8_2.tgz
ftp://ftp2.FreeBSD.org/pub/FreeBSD/security-officer/ports/i386/packages-4-stable/samba-2.2.8_2.tgz.asc
[FreeBSD 5.x]
ftp://ftp2.FreeBSD.org/pub/FreeBSD/security-officer/ports/i386/packages-5-current/samba-2.2.8_2.tbz
ftp://ftp2.FreeBSD.org/pub/FreeBSD/security-officer/ports/i386/packages-5-current/samba-2.2.8_2.tbz.asc
+------------------------------------------------------------------------+
FreeBSD Security Notices are communications from the Security Officer
intended to inform the user community about potential security issues,
such as bugs in the third-party applications found in the Ports
Collection, which will not be addressed in a FreeBSD Security
Advisory.
Feedback on Security Notices is welcome at <security-team@FreeBSD.org>.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (FreeBSD)
iD8DBQE+kX+vFdaIBMps37IRAtkmAJ4ruhx4WQLeSPSPgfmzrVW4uYvVJACfRxem
4q3eO8IxTujzRR2QwH4eyK4=
=/4KW
-----END PGP SIGNATURE-----
Reference in a new issue View git blame Copy permalink