Related Vulnerabilities: CVE-2004-0815

A vulnerability has been discovered in samba, a commonly used LanManager-like file and printer server for Unix. A remote attacker may be able to gain access to files which exist outside of the share's defined path. Such files must still be readable by the account used for the connection, though. For the stable distribution (woody) this problem has been fixed in version 2.2.3a-14.1. In the unstable (sid) and testing (sarge) distributions this problem was not present. We recommend that you upgrade your samba packages.

Source

Debian Security Advisory

DSA-600-1 samba -- arbitrary file access

Date Reported:

07 Oct 2004

Affected Packages:

samba

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2004-0815.

More information:

For the stable distribution (woody) this problem has been fixed in version 2.2.3a-14.1.

In the unstable (sid) and testing (sarge) distributions this problem was not present.

We recommend that you upgrade your samba packages.

Fixed in:

Debian GNU/Linux 3.0 (woody)

Source:: http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-14.1.dsc; http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-14.1.diff.gz; http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a.orig.tar.gz
Architecture-independent component:: http://security.debian.org/pool/updates/main/s/samba/samba-doc_2.2.3a-14.1_all.deb
Alpha:: http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-14.1_alpha.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-14.1_alpha.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-14.1_alpha.deb; http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-14.1_alpha.deb; http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-14.1_alpha.deb; http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-14.1_alpha.deb; http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-14.1_alpha.deb; http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-14.1_alpha.deb; http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-14.1_alpha.deb
ARM:: http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-14.1_arm.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-14.1_arm.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-14.1_arm.deb; http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-14.1_arm.deb; http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-14.1_arm.deb; http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-14.1_arm.deb; http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-14.1_arm.deb; http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-14.1_arm.deb; http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-14.1_arm.deb
Intel IA-32:: http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-14.1_i386.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-14.1_i386.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-14.1_i386.deb; http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-14.1_i386.deb; http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-14.1_i386.deb; http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-14.1_i386.deb; http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-14.1_i386.deb; http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-14.1_i386.deb; http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-14.1_i386.deb
Intel IA-64:: http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-14.1_ia64.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-14.1_ia64.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-14.1_ia64.deb; http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-14.1_ia64.deb; http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-14.1_ia64.deb; http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-14.1_ia64.deb; http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-14.1_ia64.deb; http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-14.1_ia64.deb; http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-14.1_ia64.deb
HPPA:: http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-14.1_hppa.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-14.1_hppa.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-14.1_hppa.deb; http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-14.1_hppa.deb; http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-14.1_hppa.deb; http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-14.1_hppa.deb; http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-14.1_hppa.deb; http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-14.1_hppa.deb; http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-14.1_hppa.deb
Motorola 680x0:: http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-14.1_m68k.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-14.1_m68k.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-14.1_m68k.deb; http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-14.1_m68k.deb; http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-14.1_m68k.deb; http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-14.1_m68k.deb; http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-14.1_m68k.deb; http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-14.1_m68k.deb; http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-14.1_m68k.deb
Big endian MIPS:: http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-14.1_mips.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-14.1_mips.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-14.1_mips.deb; http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-14.1_mips.deb; http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-14.1_mips.deb; http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-14.1_mips.deb; http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-14.1_mips.deb; http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-14.1_mips.deb; http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-14.1_mips.deb
Little endian MIPS:: http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-14.1_mipsel.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-14.1_mipsel.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-14.1_mipsel.deb; http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-14.1_mipsel.deb; http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-14.1_mipsel.deb; http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-14.1_mipsel.deb; http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-14.1_mipsel.deb; http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-14.1_mipsel.deb; http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-14.1_mipsel.deb
PowerPC:: http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-14.1_powerpc.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-14.1_powerpc.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-14.1_powerpc.deb; http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-14.1_powerpc.deb; http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-14.1_powerpc.deb; http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-14.1_powerpc.deb; http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-14.1_powerpc.deb; http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-14.1_powerpc.deb; http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-14.1_powerpc.deb
IBM S/390:: http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-14.1_s390.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-14.1_s390.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-14.1_s390.deb; http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-14.1_s390.deb; http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-14.1_s390.deb; http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-14.1_s390.deb; http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-14.1_s390.deb; http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-14.1_s390.deb; http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-14.1_s390.deb
Sun Sparc:: http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-14.1_sparc.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-14.1_sparc.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-14.1_sparc.deb; http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-14.1_sparc.deb; http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-14.1_sparc.deb; http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-14.1_sparc.deb; http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-14.1_sparc.deb; http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-14.1_sparc.deb; http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-14.1_sparc.deb

MD5 checksums of the listed files are available in the original advisory.

DSA-600-1 samba -- arbitrary file access

Debian Security Advisory

DSA-600-1 samba -- arbitrary file access

Debian GNU/Linux 3.0 (woody)

Vulmon Search

About

Products

Connect