VARIoT IoT vulnerabilities database
| VAR-201003-0011 | CVE-2009-4664 | Firewall Builder Vulnerability gained in |
CVSS V2: 3.3 CVSS V3: - Severity: LOW |
Firewall Builder 3.0.4, 3.0.5, and 3.0.6, when running on Linux, allows local users to gain privileges via a symlink attack on an unspecified temporary file that is created by the iptables script. Firewall Builder creates temporary files in an insecure manner.
An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.
Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files or to execute arbitrary code with elevated privileges.
Firewall Builder 3.0.4, 3.0.5, and 3.0.6 are vulnerable; other versions may also be affected. ----------------------------------------------------------------------
Do you have VARM strategy implemented?
(Vulnerability Assessment Remediation Management)
If not, then implement it through the most reliable vulnerability
intelligence source on the market.
Implement it through Secunia.
For more information visit:
http://secunia.com/advisories/business_solutions/
Alternatively request a call from a Secunia representative today to
discuss how we can help you with our capabilities contact us at:
sales@secunia.com
----------------------------------------------------------------------
TITLE:
Firewall Builder Insecure Temporary Files
SECUNIA ADVISORY ID:
SA36809
VERIFY ADVISORY:
http://secunia.com/advisories/36809/
DESCRIPTION:
A security issue has been reported in Firewall Builder, which can be
exploited by malicious, local users to perform certain actions with
escalated privileges. This
can be exploited to e.g. overwrite arbitrary files via symlink
attacks.
Note: Only scripts setting iptable's static routing configuration are
affected.
The security issue is reported in versions 3.0.4, 3.0.5, and 3.0.6.
SOLUTION:
Update to version 3.0.7.
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
http://blog.fwbuilder.org/2009/09/firewall-builder-v307-released.html
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
.
Background
==========
Firewall Builder is a GUI for easy management of multiple firewall
platforms.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Firewall Builder users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-firewall/fwbuilder-3.0.7"
NOTE: This is a legacy GLSA. Updates for all affected architectures are
available since March 09, 2010. It is likely that your system is
already no longer affected by this issue.
References
==========
[ 1 ] CVE-2008-4956
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4956
[ 2 ] CVE-2009-4664
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4664
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201201-11.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2012 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. ----------------------------------------------------------------------
Secunia integrated with Microsoft WSUS
http://secunia.com/blog/71/
----------------------------------------------------------------------
TITLE:
Fedora update for fwbuilder and libfwbuilder
SECUNIA ADVISORY ID:
SA38585
VERIFY ADVISORY:
http://secunia.com/advisories/38585/
DESCRIPTION:
Fedora has issued an update for fwbuilder and libfwbuilder.
For more information:
SA36809
SOLUTION:
Apply updated packages using the yum utility ("yum update fwbuilder
libfwbuilder")
| VAR-200909-0207 | CVE-2009-3272 | Apple Safari of WebKit.dll Service disruption in (DoS) Vulnerabilities |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Stack consumption vulnerability in WebKit.dll in WebKit in Apple Safari 3.2.3, and possibly other versions before 4.1.2, allows remote attackers to cause a denial of service (application crash) via JavaScript code that calls eval on a long string composed of A/ sequences. Apple Safari of WebKit of WebKit.dll In this case, a stack consumption state occurs, which disrupts service operation. Safari is prone to a denial-of-service vulnerability. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM).
Request a free trial:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
SUSE update for Multiple Packages
SECUNIA ADVISORY ID:
SA43068
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/43068/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=43068
RELEASE DATE:
2011-01-25
DISCUSS ADVISORY:
http://secunia.com/advisories/43068/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/43068/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=43068
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
SUSE has issued an update for multiple packages, which fixes multiple
vulnerabilities.
For more information:
SA32349
SA33495
SA35095
SA35379
SA35411
SA35449
SA35758
SA36269
SA36677
SA37273
SA37346
SA37769
SA38061
SA38545
SA38932
SA39029
SA39091
SA39384
SA39661
SA39937
SA40002
SA40072
SA40105
SA40112
SA40148
SA40196
SA40257
SA40664
SA40783
SA41014
SA41085
SA41242
SA41328
SA41390
SA41443
SA41535
SA41841
SA41888
SA41968
SA42151
SA42264
SA42290
SA42312
SA42443
SA42461
SA42658
SA42769
SA42886
SA42956
SA43053
SOLUTION:
Apply updated packages via YaST Online Update or the SUSE FTP server.
ORIGINAL ADVISORY:
SUSE-SR:2011:002:
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200909-0478 | CVE-2009-3248 |
vtiger CRM of RSS Module vulnerable to cross-site request forgery
Related entries in the VARIoT exploits database: VAR-E-200908-0598 |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Cross-site request forgery (CSRF) vulnerability in the RSS module in vtiger CRM 5.0.4 allows remote attackers to hijack the authentication of Admin users for requests that modify the news feed system via the rssurl parameter in a Save action to index.php
| VAR-200909-0480 | CVE-2009-3250 |
vtiger CRM of Compose Mail Vulnerability to execute arbitrary code in function
Related entries in the VARIoT exploits database: VAR-E-200908-0598 |
CVSS V2: 9.0 CVSS V3: - Severity: HIGH |
The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Server configurations, (2) .php. on Windows, or (3) .php/ on Linux, and then making a direct request to a certain pathname under storage/. (1) specific Apache HTTP Server Setting environment .php (2) Windows upper .php (3) Linux upper .php/. vtiger CRM is prone to a remote security vulnerability.
An attacker may exploit this issue to execute arbitrary code in the context of the affected application. Failed attempts will likely cause a denial-of-service condition
| VAR-200909-0213 | CVE-2009-3257 | vtiger CRM Vulnerabilities in which permissions are bypassed |
CVSS V2: 3.6 CVSS V3: - Severity: LOW |
vtiger CRM before 5.1.0 allows remote authenticated users to bypass the permissions on the (1) Account Billing Address and (2) Shipping Address fields in a profile by creating a Sales Order (SO) associated with that profile. vtiger CRM is prone to a remote security vulnerability
| VAR-200909-0577 | No CVE | Avaya Intuity Audix LX Multiple Input Validation Vulnerabilities |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Intuity Audix LX is a powerful multimedia messaging server. Multiple CGI perl scripts in the /html/cswebadm/basic/cgibin/ directory of Intuity Audix LX do not properly validate user-submitted parameter requests, and remote attackers can execute arbitrary code by submitting HTTP POST requests; The url parameter of /cgi-bin/smallmenu.pl may cause cross-site scripting attacks; the use of tokenization protection management changes when logging into the web interface may result in cross-site request forgery attacks. Avaya Intuity Audix LX is prone to multiple remote vulnerabilities, including:
1. Multiple remote command-execution vulnerabilities
2. A cross-site request-forgery vulnerability
3. A cross-site scripting vulnerability
Attackers can exploit these issues to execute arbitrary commands with the privileges of 'vexvm' on the underlying system, steal cookie-based authentication credentials, execute arbitrary script code, and perform administrative tasks. Other attacks are also possible
| VAR-200909-0481 | CVE-2009-3251 | vtiger CRM of include/utils/ListViewUtils.php Vulnerabilities that bypass restrictions |
CVSS V2: 4.0 CVSS V3: - Severity: MEDIUM |
include/utils/ListViewUtils.php in vtiger CRM before 5.1.0 allows remote authenticated users to bypass intended access restrictions and read the (1) visibility, (2) location, and (3) recurrence fields of a calendar via a custom view. vtiger CRM is prone to a security bypass vulnerability
| VAR-200909-0214 | CVE-2009-3258 | vtiger CRM Vulnerable to deleting attachments |
CVSS V2: 9.0 CVSS V3: - Severity: HIGH |
vtiger CRM before 5.1.0 allows remote authenticated users, with certain View privileges, to delete (1) attachments, (2) reports, (3) filters, (4) views, and (5) tickets; insert (6) attachments, (7) reports, (8) filters, (9) views, and (10) tickets; and edit (11) reports, (12) filters, (13) views, and (14) tickets via unspecified vectors. vtiger CRM is prone to a remote security vulnerability
| VAR-200909-0479 | CVE-2009-3249 |
vtiger CRM Vulnerable to directory traversal
Related entries in the VARIoT exploits database: VAR-E-201103-0495, VAR-E-200908-0598 |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Multiple directory traversal vulnerabilities in vtiger CRM 5.0.4 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the module parameter to graph.php; or the (2) module or (3) file parameter to include/Ajax/CommonAjax.php, reachable through modules/Campaigns/CampaignsAjax.php, modules/SalesOrder/SalesOrderAjax.php, modules/System/SystemAjax.php, modules/Products/ProductsAjax.php, modules/uploads/uploadsAjax.php, modules/Dashboard/DashboardAjax.php, modules/Potentials/PotentialsAjax.php, modules/Notes/NotesAjax.php, modules/Faq/FaqAjax.php, modules/Quotes/QuotesAjax.php, modules/Utilities/UtilitiesAjax.php, modules/Calendar/ActivityAjax.php, modules/Calendar/CalendarAjax.php, modules/PurchaseOrder/PurchaseOrderAjax.php, modules/HelpDesk/HelpDeskAjax.php, modules/Invoice/InvoiceAjax.php, modules/Accounts/AccountsAjax.php, modules/Reports/ReportsAjax.php, modules/Contacts/ContactsAjax.php, and modules/Portal/PortalAjax.php; and allow remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the step parameter in an Import action to the (4) Accounts, (5) Contacts, (6) HelpDesk, (7) Leads, (8) Potentials, (9) Products, or (10) Vendors module, reachable through index.php and related to modules/Import/index.php and multiple Import.php files. A remote attacker can use (1) module parameters to graph.php; or (2) modules or (3) include/Ajax/CommonAjax.php from modules/Campaigns/CampaignsAjax.php, modules/SalesOrder/SalesOrderAjax
| VAR-200909-0582 | No CVE | Nginx proxy DNS cache domain spoofing vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Nginx is a multi-platform HTTP server and mail proxy server. Nginx maintains an internal DNS cache for the parsed domain name, but in the search cache, nginx only checks if the name's crc32 matches and the short name is a long name prefix, but does not check if the names are equal in length. If nginx is configured as a proxy cache, the remote attacker can spoof the domain name through DNS poisoning attacks, tricking the user into believing that the domain name being accessed is legitimate.
This issue can be exploited when nginx is configured to act as a forward proxy, but this is a nonstandard and unsupported configuration. Attacks against other configurations may also be possible.
Successful exploits may allow remote attackers to intercept traffic intended for legitimate websites, which may aid in further attacks
| VAR-200910-0280 | CVE-2009-2684 |
HP LaserJet upper Jetdirect Cross-site scripting vulnerability
Related entries in the VARIoT exploits database: VAR-E-200910-0253 |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in Jetdirect and the Embedded Web Server (EWS) on certain HP LaserJet and Color LaserJet printers, and HP Digital Senders, allow remote attackers to inject arbitrary web script or HTML via the (1) Product_URL or (2) Tech_URL parameter in an Apply action to the support_param.html/config script. (1) support_param.html/config To script Apply In action Product_URL Parameters (2) support_param.html/config To script Apply In action Tech_URL Parameters. Multiple HP printers are prone to multiple cross-site scripting vulnerabilities because they fail to sufficiently sanitize user-supplied input.
Attacker-supplied HTML and script code would run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01841397
Version: 1
HPSBPI02463 SSRT090061 rev.1 - HP LaserJet Printers, HP Color LaserJet Printers, Remote Cross Site Scripting (XSS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. The vulnerabilities could be exploited remotely by Cross Site Scripting (XSS).
References: CVE-2009-2684
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference Base Vector Base Score
CVE-2009-2684 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
The Hewlett-Packard Company thanks Digital Security Research Group (dsecrg.com) for reporting these vulnerabilities to security-alert@hp.com.
Affected Products - Jetdirect
Product
Jetdirect Part Number
Jetdirect Version or later
HP Color LaserJet 3000n
J7949E
V.28.XX
HP Color LaserJet CP3505
J7987E
V.34.60
HP Color LaserJet 3600n
J7973E
V.30.31
HP Color LaserJet 3800n
J7949E
V.28.XX
HP Color LaserJet 4700n
J7949E
V.28.XX
HP Color LaserJet CP4005n
J7990E
V.33.41
HP LaserJet 2410/2420/2430n
J7949E
V.28.XX
HP LaserJet P3005n
J7979E
V.33.55
HP LaserJet 4240/4250n
J7949E
V.28.XX
HP LaserJet 4350n
J7949E
V.28.XX
HP LaserJet 5200n
J7949E
V.28.XX
HP LaserJet 9040n/9050n
J7949E
V.28.XX
HP Color LaserJet 4730 MFP
J7949E
V.28.XX
HP Color LaserJet CM4730 MFP
J7991E
V.34.60
HP LaserJet 9040/9050MFP
J7949E
V.28.XX
HP LaserJet M3027/3035 MFP
J7982E
V.34.08
HP LaserJet 4345 MFP
J7949E
V.28.XX
HP LaserJet M4345x MFP
J7982E
V.34.08
HP LaserJet M5025/5035 MFP
J7982E
V.34.08
HP CM8050/8060 MFP
J7974E
V.34.40
HP DS9200c Digital Sender
J7949E
V.28.XX
HP DS9250c Digital Sender
J7992E
V.34.12
HP LaserJet P4515
J8003E
V.36.35
HP LaserJet P4015
J8003E
V.36.35
HP LaserJet P4014
J8006E
V.36.35
HP Color LaserJet CP6015
J7993E
V.36.35
HP Color LaserJet 6040 MFP
J7993E
V.36.35
HP LaserJet M9040/50 MFP
J8004E
V.36.35
Affected Products - Embedded Web Server (EWS)
Product
HP Color LaserJet 3000n
HP Color LaserJet CP3505
HP Color LaserJet 3600n
HP Color LaserJet 3800n
HP Color LaserJet 4700n
HP Color LaserJet CP4005n
HP LaserJet 2410/2420/2430n
HP LaserJet P3005n
HP LaserJet 4240/4250n
HP LaserJet 4350n
HP LaserJet 5200n
HP LaserJet 9040n/9050n
HP Color LaserJet 4730 MFP
HP Color LaserJet CM4730 MFP
HP LaserJet 9040/9050MFP
HP LaserJet M3027/3035 MFP
HP LaserJet 4345 MFP
HP LaserJet M4345x MFP
HP LaserJet M5025/5035 MFP
HP CM8050/8060 MFP
HP DS9200c Digital Sender
HP DS9250c Digital Sender
HP LaserJet P4515
HP LaserJet P4015
HP LaserJet P4014
HP Color LaserJet CP6015
HP Color LaserJet 6040 MFP
HP LaserJet M9040/50 MFP
Note: For further information on Secure Printing and Imaging please refer to http://www.hp.com/go/secureprinting
RESOLUTION
The following steps can be taken to limit the exposure to the XSS vulnerabilities.
set the administrator password
use a new browser instance for administrator tasks
do not access other web sites while performing administrator tasks
exit the browser when administrator tasks are complete
PRODUCT SPECIFIC INFORMATION
None
HISTORY
Version:1 (rev.1) - 7 October 2009 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information.
To get the security-alert PGP key, please send an e-mail message as follows:
To: security-alert@hp.com
Subject: get key
Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email:
http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC
On the web page: ITRC security bulletins and patch sign-up
Under Step1: your ITRC security bulletins and patches
-check ALL categories for which alerts are required and continue.
Under Step2: your ITRC operating systems
-verify your operating system selections are checked and save.
To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php
Log in on the web page: Subscriber's choice for Business: sign-in.
On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.
To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do
* The Software Product Category that this Security Bulletin
relates to is represented by the 5th and 6th characters
of the Bulletin number in the title:
GN = HP General SW
MA = HP Management Agents
MI = Misc. 3rd Party SW
MP = HP MPE/iX
NS = HP NonStop Servers
OV = HP OpenVMS
PI = HP Printing & Imaging
ST = HP Storage SW
TL = HP Trusted Linux
TU = HP Tru64 UNIX
UX = HP-UX
VV = HP VirtualVault
System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
Copyright 2009 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (HP-UX)
iEYEARECAAYFAkrMkcsACgkQ4B86/C0qfVkloACeJjXFqi/GNPBY7Z/Zn5bkBchG
RhUAoInJdnRoqTTCkgJqrss2Etcz9ool
=xes/
-----END PGP SIGNATURE-----
. ----------------------------------------------------------------------
Do you have VARM strategy implemented?
(Vulnerability Assessment Remediation Management)
If not, then implement it through the most reliable vulnerability
intelligence source on the market.
Implement it through Secunia.
For more information visit:
http://secunia.com/advisories/business_solutions/
Alternatively request a call from a Secunia representative today to
discuss how we can help you with our capabilities contact us at:
sales@secunia.com
----------------------------------------------------------------------
TITLE:
KSP Sound Player "m3u" Playlist Buffer Overflow
SECUNIA ADVISORY ID:
SA36621
VERIFY ADVISORY:
http://secunia.com/advisories/36621/
DESCRIPTION:
hack4love has discovered a vulnerability in KSP Sound Player, which
can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to a boundary error in the processing
of "m3u" files. This can be exploited to cause a stack-based buffer
overflow when a user is tricked into opening a specially crafted
"m3u" playlist file containing an overly long entry.
Successful exploitation allows execution of arbitrary code.
SOLUTION:
Do not open files from untrusted sources.
PROVIDED AND/OR DISCOVERED BY:
hack4love
ORIGINAL ADVISORY:
http://milw0rm.com/exploits/9624
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
.
Input passed via the "Product_URL" and "Tech_URL" parameters to
support_param.html/config is not properly sanitised before being
used.
SOLUTION:
Filter malicious characters and character sequences in a web proxy.
See the vendor's advisory for recommended workarounds.
Details
*******
Multiple Linked Stored XSS vulnerabilities found in script support_param.html/config
Attacker can inject XSS in parameters "Product_URL" and "Tech_URL".
http://dsecrg.ru/pages/vul/show.php?id=148
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01841397
About
*****
Digital Security is one of the leading IT security companies in CEMEA, providing information security consulting, audit and penetration testing services, risk analysis and ISMS-related services and certification for ISO/IEC 27001:2005 and PCI DSS standards. Digital Security Research Group focuses on web application and database security problems with vulnerability reports, advisories and whitepapers posted regularly on our website.
Contact: research [at] dsecrg [dot] com
http://www.dsecrg.com
Polyakov Alexandr
Information Security Analyst
______________________
DIGITAL SECURITY
phone: +7 812 703 1547
+7 812 430 9130
e-mail: a.polyakov@dsec.ru
www.dsec.ru
-----------------------------------
This message and any attachment are confidential and may be privileged or otherwise protected
from disclosure. If you are not the intended recipient any use, distribution, copying or disclosure
is strictly prohibited. If you have received this message in error, please notify the sender immediately
either by telephone or by e-mail and delete this message and any attachment from your system. Correspondence
via e-mail is for information purposes only. Digital Security neither makes nor accepts legally binding
statements by e-mail unless otherwise agreed.
-----------------------------------
| VAR-200909-0102 | CVE-2008-7229 | GreenSQL Firewall In SQL Vulnerability bypassing injection protection mechanism |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
GreenSQL Firewall (greensql-fw) before 0.9.2 allows remote attackers to bypass SQL injection protection via a crafted string, possibly involving an encoded space character (%20). Greensql Firewall is prone to a sql-injection vulnerability
| VAR-200909-0584 | No CVE | Multiple Vulnerabilities in Hitachi JP1/File Transmission Server/FTP |
CVSS V2: 10.0 CVSS V3: - Severity: High |
Hitachi JP1/File Transmission Server/FTP contains multiple vulnerabilities that could allow an attacker to execute arbitrary commands.A remote attacker could execute arbitrary commands.
| VAR-200909-0782 | CVE-2009-2813 | Apple Mac OS of SMB Vulnerability that bypasses file sharing restrictions in subsystems |
CVSS V2: 6.0 CVSS V3: - Severity: MEDIUM |
Samba 3.4 before 3.4.2, 3.3 before 3.3.8, 3.2 before 3.2.15, and 3.0.12 through 3.0.36, as used in the SMB subsystem in Apple Mac OS X 10.5.8 when Windows File Sharing is enabled, Fedora 11, and other operating systems, does not properly handle errors in resolving pathnames, which allows remote authenticated users to bypass intended sharing restrictions, and read, create, or modify files, in certain circumstances involving user accounts that lack home directories. Mac OS X is the operating system used by the Apple family of machines. This allows local users to partly disclose the
content of arbitrary files by specifying the file as credentials file and
attempting to mount a samba share (CVE-2009-2948).
A reply to an oplock break notification which samba doesn't expect could
lead to the service getting stuck in an infinite loop.
A lack of error handling in case no home diretory was configured/specified
for the user could lead to file disclosure.
For the oldstable distribution (etch), this problem will be fixed soon.
For the testing distribution (squeeze), this problem will be fixed soon.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 5.0 alias lenny
- --------------------------------
Debian (stable)
- ---------------
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny7.dsc
Size/MD5 checksum: 1830 7cc3718e19bbad5aa7099889c6c503a5
http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5.orig.tar.gz
Size/MD5 checksum: 50276407 0f7539e09803ae60a2912e70adf1c747
http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny7.diff.gz
Size/MD5 checksum: 235342 836141a1924843383cc385e544c933e5
Architecture independent packages:
http://security.debian.org/pool/updates/main/s/samba/samba-doc_3.2.5-4lenny7_all.deb
Size/MD5 checksum: 7952438 630b57065388404b8a9fe3e9e111dc47
http://security.debian.org/pool/updates/main/s/samba/samba-doc-pdf_3.2.5-4lenny7_all.deb
Size/MD5 checksum: 6252326 cded2ecbaa3fd39bd215dbb4ec666d4c
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny7_alpha.deb
Size/MD5 checksum: 1945142 a6804ba408657cc4c89c80b0d6e4b8a4
http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny7_alpha.deb
Size/MD5 checksum: 1078442 0bedbb5cdb5ca36f52d2e1d1a6015804
http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny7_alpha.deb
Size/MD5 checksum: 3273896 082fdadedaf0234b97a8aefc1ef62d8a
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny7_alpha.deb
Size/MD5 checksum: 2572542 ed15d1a7aa9c065986a8e896d63479e2
http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny7_alpha.deb
Size/MD5 checksum: 4830106 58ed5cd28d4c43d07195d013cf25553f
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny7_alpha.deb
Size/MD5 checksum: 1461944 71adea7a3b47b65f8df4f3dc5efc4422
http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny7_alpha.deb
Size/MD5 checksum: 81488 d521efbda414cf6d4a588873442eb987
http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny7_alpha.deb
Size/MD5 checksum: 5730522 cca571adc80b833e7d9c45d5dd7fa103
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny7_alpha.deb
Size/MD5 checksum: 637762 b526ea1ed9ca51d132a7685ec8320eea
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny7_alpha.deb
Size/MD5 checksum: 1333234 36e35a3c252fabcfd2ec0ba8407323ca
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny7_alpha.deb
Size/MD5 checksum: 3736262 9dc1a726efda21fa112ef2641c9b1f6a
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny7_alpha.deb
Size/MD5 checksum: 6953202 b3e8de8b127bcd1f5dda4db61ed44b20
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny7_amd64.deb
Size/MD5 checksum: 3274278 b732915df239ea1a9fff196250d6d383
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny7_amd64.deb
Size/MD5 checksum: 1493684 460ed93756df58adfa57870d06c9aaff
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny7_amd64.deb
Size/MD5 checksum: 627686 70379a8e6ce3b5d6de6af6b895d30619
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny7_amd64.deb
Size/MD5 checksum: 3728204 ac7fb1f7d07628d0452d10e62b2d661d
http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny7_amd64.deb
Size/MD5 checksum: 1083940 5ca50cf6abd792b51e501f846f782231
http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny7_amd64.deb
Size/MD5 checksum: 5646144 09130baf353097710d6df8a6586875d7
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny7_amd64.deb
Size/MD5 checksum: 1953358 e7c3f85d21b94e62baf0bc5849d8a7ed
http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny7_amd64.deb
Size/MD5 checksum: 80522 507bc24d176289793eadd28f4623e331
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny7_amd64.deb
Size/MD5 checksum: 1358910 6ec7ccedec85f92e175b99c6abfb76ba
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny7_amd64.deb
Size/MD5 checksum: 1995586 be70b626e522a6d10947717cc4dad784
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny7_amd64.deb
Size/MD5 checksum: 7007462 b3a959d7475adb2d8aefc1d590690744
http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny7_amd64.deb
Size/MD5 checksum: 4775388 b2adb39f3d76b691a747126efd40452a
arm architecture (ARM)
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny7_arm.deb
Size/MD5 checksum: 561128 0d9cc7d736f2ac3af0037fb0538885bb
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny7_arm.deb
Size/MD5 checksum: 2398710 a2a88432efcb034fad0cfc36130938f6
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny7_arm.deb
Size/MD5 checksum: 6177100 b465429510298d684d16f33d977ec1c3
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny7_arm.deb
Size/MD5 checksum: 3353238 d7e4a1fb9ecb639471baa485dc629653
http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny7_arm.deb
Size/MD5 checksum: 79216 da72ebd5740459cd44c6d5735883f203
http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny7_arm.deb
Size/MD5 checksum: 4267492 62425ac8d76f5879b900622026883d94
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny7_arm.deb
Size/MD5 checksum: 1315868 8b3019c57cfeeb28509ca96f7d0358fa
http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny7_arm.deb
Size/MD5 checksum: 972222 1197d9bb33cfb181d99f03102b751cbf
http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny7_arm.deb
Size/MD5 checksum: 5041464 6db94424b23399cf83de0ae1968efba0
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny7_arm.deb
Size/MD5 checksum: 1203924 f8a743cc5f4afb87f8b9cb883252c6f2
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny7_arm.deb
Size/MD5 checksum: 1817072 72fddd524748b9e9206c135e81c698dc
http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny7_arm.deb
Size/MD5 checksum: 2892294 b43b907010b9373ec7957a570d9a80ec
armel architecture (ARM EABI)
http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny7_armel.deb
Size/MD5 checksum: 2910452 fd7f3ad0731784dccdc5b3b467513469
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny7_armel.deb
Size/MD5 checksum: 6214560 94dff8a518547e92fb165c02dae9baec
http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny7_armel.deb
Size/MD5 checksum: 5070850 b4a9ac34be34928672ce800c899ac042
http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny7_armel.deb
Size/MD5 checksum: 981922 ae00524832d05f9aa8c06686c9e4e461
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny7_armel.deb
Size/MD5 checksum: 1323868 be4570e7c8720bf0c756b4eac3cd3fe0
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny7_armel.deb
Size/MD5 checksum: 3372252 012baecc35e1becc8a07d81adc262d65
http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny7_armel.deb
Size/MD5 checksum: 4294422 0c6add94f7e453817388fa9e529b82bd
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny7_armel.deb
Size/MD5 checksum: 2424800 db72d33ac4229f163053c1f4ea18480e
http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny7_armel.deb
Size/MD5 checksum: 78816 d0ac45bb3404ac4fa9972bf47ec91cac
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny7_armel.deb
Size/MD5 checksum: 1823568 48f417418296b035f611572d4504ffbd
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny7_armel.deb
Size/MD5 checksum: 1210432 d58cf1719fc208e76cec7c28cb594da7
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny7_armel.deb
Size/MD5 checksum: 564066 43f4da7801d6e972fae31ce287ded998
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny7_hppa.deb
Size/MD5 checksum: 2067740 1f3465310bfa420ca5d3dca47fb61876
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny7_hppa.deb
Size/MD5 checksum: 6687014 bd2920b6f871c5cfc573454993b99bd3
http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny7_hppa.deb
Size/MD5 checksum: 4653108 91139f0c545ded0f434912e577cc655b
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny7_hppa.deb
Size/MD5 checksum: 1375386 2f9657458e85625ffa4f762df7ca9a87
http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny7_hppa.deb
Size/MD5 checksum: 80862 32248cce30e50a58171439955e8c1b31
http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny7_hppa.deb
Size/MD5 checksum: 5501106 2c9166906405f03cb05d509b871ee48b
http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny7_hppa.deb
Size/MD5 checksum: 3177446 f061d9d8f7e5276ff6f6bf98ecea456e
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny7_hppa.deb
Size/MD5 checksum: 631654 1dd17d4d9edc8fc60707db89643a8aea
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny7_hppa.deb
Size/MD5 checksum: 3610032 ea72fc29881895beab6c09e20dce4eb9
http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny7_hppa.deb
Size/MD5 checksum: 1046340 b118ec013c5588b8baaea5d1b0e920a8
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny7_hppa.deb
Size/MD5 checksum: 2229186 b1f09642dd40089211dbaa22d9e234fd
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny7_hppa.deb
Size/MD5 checksum: 1412786 3ffb5d639b595a3af2d1661439f7559d
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny7_i386.deb
Size/MD5 checksum: 984354 610ff7af9bdec786dc66dfc71e6d906d
http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny7_i386.deb
Size/MD5 checksum: 2930762 16cc9438cc5a7bac68f842aaff01cb44
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny7_i386.deb
Size/MD5 checksum: 6302570 8508f2837d10ed9e791690764c887482
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny7_i386.deb
Size/MD5 checksum: 2081416 a97abc97a1ccbebc475cf94ab984fac0
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny7_i386.deb
Size/MD5 checksum: 561714 b61348ec0f3adb19990550cab9b7e40b
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny7_i386.deb
Size/MD5 checksum: 3405124 904fba778279f57af680c3a25d316c89
http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny7_i386.deb
Size/MD5 checksum: 4295250 e783fb6625c27e5d4dbdf0b5072345db
http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny7_i386.deb
Size/MD5 checksum: 78984 0a4c138021591e75544c95a70a79f5e4
http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny7_i386.deb
Size/MD5 checksum: 5067188 9b7a2c22ef8ebab7db2da88e77d61607
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny7_i386.deb
Size/MD5 checksum: 1825116 d70821ed19cb8118f76529c844c967de
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny7_i386.deb
Size/MD5 checksum: 1199768 f33cfc38a35e53f9a278279d10cb9296
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny7_i386.deb
Size/MD5 checksum: 1349920 a34c0d26610af3d6a5e8c0c9e35f6acf
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny7_ia64.deb
Size/MD5 checksum: 4386438 ec0ed107b01d00462e6a4dd9fa914a6f
http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny7_ia64.deb
Size/MD5 checksum: 5832230 d73c656dac14065b3a1f13201510eb20
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny7_ia64.deb
Size/MD5 checksum: 1724092 9b5c69cdc6911c755a8e6b12d048d1ba
http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny7_ia64.deb
Size/MD5 checksum: 84004 bc0fe8f98f03b5d665810cb5ade516e9
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny7_ia64.deb
Size/MD5 checksum: 752072 c462e06b2ff50d6abbc6fa5ba6c14dba
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny7_ia64.deb
Size/MD5 checksum: 1561116 91986263af0fd80f2a8d220e626ea4e9
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny7_ia64.deb
Size/MD5 checksum: 8294752 bfea15cf71e6f3503e8601b7b7a51ff4
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny7_ia64.deb
Size/MD5 checksum: 1939328 a3d3f802ed54267a93a61eed49d48b7e
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny7_ia64.deb
Size/MD5 checksum: 2400926 961af2d58aeff2eb54b6316b56b0d71b
http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny7_ia64.deb
Size/MD5 checksum: 1280080 63385632efbd6d173e452b75ac295e7d
http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny7_ia64.deb
Size/MD5 checksum: 6933470 666a61b68183f3afc017cb3658d25049
http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny7_ia64.deb
Size/MD5 checksum: 3915410 a7ae5b73317aff391dbfffe447ee8958
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny7_mips.deb
Size/MD5 checksum: 2507514 c8d996cba28f6d76d187774f844b01aa
http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny7_mips.deb
Size/MD5 checksum: 4203042 d48c2d45cd762dc2bad73ca9c089d3c9
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny7_mips.deb
Size/MD5 checksum: 572688 4c689c9090845e6784d96eafdd1d1dd5
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny7_mips.deb
Size/MD5 checksum: 1205342 92c7d350a6958c60b719dc1bca25e23c
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny7_mips.deb
Size/MD5 checksum: 3238756 9c2d7e67ffcb7f6f9010e2a4cf3e5e16
http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny7_mips.deb
Size/MD5 checksum: 942044 b994c97405ec4963b68189a0ba00067b
http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny7_mips.deb
Size/MD5 checksum: 4998666 1648dd4cfec7bc14cbd41320b44fbb16
http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny7_mips.deb
Size/MD5 checksum: 2809438 f4ad77583575756d14629fd98c8166f5
http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny7_mips.deb
Size/MD5 checksum: 79288 10a8cdeed703948d1dd5e836897558f1
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny7_mips.deb
Size/MD5 checksum: 2182258 5183531629f1c99dd71f253832bab233
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny7_mips.deb
Size/MD5 checksum: 5840974 cb82df1024f5c10770ac98afe89e48a3
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny7_mips.deb
Size/MD5 checksum: 1093592 8e55a6342da60f19c3c95a55a1d90164
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny7_mipsel.deb
Size/MD5 checksum: 2128338 f27eefe417a4831ed071ee2a34949e47
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny7_mipsel.deb
Size/MD5 checksum: 569280 584e1b162cb0452b814d34aa618d9b85
http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny7_mipsel.deb
Size/MD5 checksum: 79204 69f192c04fa40eb5e2fc37c1cdb1b0ac
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny7_mipsel.deb
Size/MD5 checksum: 5801134 d3791aacacfcadd4caf909dd9b62fe31
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny7_mipsel.deb
Size/MD5 checksum: 1081720 b19e32963b224825b1f6335e28bc6d6b
http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny7_mipsel.deb
Size/MD5 checksum: 2792976 e3d2772a8cf2274a26190043d0c9694a
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny7_mipsel.deb
Size/MD5 checksum: 2387806 e5f53727f8ccdca5bfb82efbd5601c7e
http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny7_mipsel.deb
Size/MD5 checksum: 4967334 3dfdbd6e944b31808bb38bbe3ee3fe35
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny7_mipsel.deb
Size/MD5 checksum: 1196484 bc9d17cd36558e526efd2e3870f2b0e4
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny7_mipsel.deb
Size/MD5 checksum: 3219234 d4615fd079aecae1ed4753c4449aea75
http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny7_mipsel.deb
Size/MD5 checksum: 4177874 10909deb34148f33c2a92ecb6cfd8c72
http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny7_mipsel.deb
Size/MD5 checksum: 936880 1e742c0aa5a77a995fa174a9b02913c4
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny7_powerpc.deb
Size/MD5 checksum: 2988566 40620c503ca952eeeb73bde777a14435
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny7_powerpc.deb
Size/MD5 checksum: 6294542 feab7c9b74b13b06b6977d637623c728
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny7_powerpc.deb
Size/MD5 checksum: 2079372 4886a2d8d7664280dae64605c891996b
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny7_powerpc.deb
Size/MD5 checksum: 1712666 75b337ef8fb0e52f71cf2e9b18faa1d4
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny7_powerpc.deb
Size/MD5 checksum: 3423452 da023922a04344c534ee88e0e0292900
http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny7_powerpc.deb
Size/MD5 checksum: 5187664 0ddd64379049fadd254da0045e04d307
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny7_powerpc.deb
Size/MD5 checksum: 595048 b08157624bc5ebe37b5a2c343649bb83
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny7_powerpc.deb
Size/MD5 checksum: 1333642 98613e2a5c876333295cc0aab31ad250
http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny7_powerpc.deb
Size/MD5 checksum: 989426 e1b15a1a53be2bd09010c1dd0eeddcf8
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny7_powerpc.deb
Size/MD5 checksum: 1239864 1aafcfc867e23a3b84f58e29f5a4b163
http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny7_powerpc.deb
Size/MD5 checksum: 4403350 c2b90fc3fb94dcd324f9da7a38a7c878
http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny7_powerpc.deb
Size/MD5 checksum: 80476 3ac690ddd20c773e1437d21572c37a2e
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny7_s390.deb
Size/MD5 checksum: 2061206 694599e2dae140a04c53be168ebbf163
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny7_s390.deb
Size/MD5 checksum: 1389672 25b0b8754be83bae0984de459f7cf319
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny7_s390.deb
Size/MD5 checksum: 641924 989f56ac5c323f74b34512dcf48412a0
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny7_s390.deb
Size/MD5 checksum: 1935682 032e63baf547b194e2af89da342be617
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny7_s390.deb
Size/MD5 checksum: 1258028 5884f69e4c3fc4567c8f2392b4cae88d
http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny7_s390.deb
Size/MD5 checksum: 4740858 01348d4fe49f9f8b07eb98b77a447c4d
http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny7_s390.deb
Size/MD5 checksum: 1056846 85573ee68987c713bf2abf1c676bcd6a
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny7_s390.deb
Size/MD5 checksum: 6706474 c2cd5c961d23f7ec513b2cb0efa469a8
http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny7_s390.deb
Size/MD5 checksum: 5647644 c123e43888dace888b100f4d61cef627
http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny7_s390.deb
Size/MD5 checksum: 80832 c96484d5c2588fb90a23df5869463554
http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny7_s390.deb
Size/MD5 checksum: 3204582 0254ff9259bae547b7d8673124473e19
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny7_s390.deb
Size/MD5 checksum: 3650302 0716bdcda1c0b080e30fbc2b4af03e6b
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny7_sparc.deb
Size/MD5 checksum: 1202198 76ec9e4b183e72139b216321ef0dbc6f
http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny7_sparc.deb
Size/MD5 checksum: 975366 ce9edebb6cdbbfce4ed44dc376960d3a
http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny7_sparc.deb
Size/MD5 checksum: 4322338 398acf0f34e81b674ec8cf4149bf4534
http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny7_sparc.deb
Size/MD5 checksum: 2924672 52a6813bc6e557daa5f2ec523942ebcc
http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny7_sparc.deb
Size/MD5 checksum: 5116574 63e4f4faadf3223fdd904e546aab6a22
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny7_sparc.deb
Size/MD5 checksum: 3372416 73b1333d568d87529e8d3072ebd4c509
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny7_sparc.deb
Size/MD5 checksum: 581590 2dcac90d984a7b08083be093befa1472
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny7_sparc.deb
Size/MD5 checksum: 1303976 731b1a1f9a65e1ec887c0fbdfcc867d3
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny7_sparc.deb
Size/MD5 checksum: 1996180 13724133b88e237853164fedd89c356b
http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny7_sparc.deb
Size/MD5 checksum: 79152 1ffe88781e928339aa16c594f9f224f0
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny7_sparc.deb
Size/MD5 checksum: 6172106 37c0d2de6d73127751cf1670ee468944
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny7_sparc.deb
Size/MD5 checksum: 2020578 f161d329079cb0df6cbc30ed97191e15
These files will probably be moved into the stable distribution on
its next update. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2010-0006
Synopsis: ESX Service Console updates for samba and acpid
Issue date: 2010-04-01
Updated on: 2010-04-01 (initial release of advisory)
CVE numbers: CVE-2009-2906, CVE-2009-1888, CVE-2009-2813,
CVE-2009-2948, CVE-2009-0798
- ------------------------------------------------------------------------
1. Summary
ESX Service Console updates for samba and acpid packages.
2. Relevant releases
VMware ESX 4.0.0 without patch ESX400-201003405-SG,
ESX400-201003403-SG
Notes:
Effective May 2010, VMware's patch and update release program during
Extended Support will be continued with the condition that all
subsequent patch and update releases will be based on the latest
baseline release version as of May 2010 (i.e. ESX 3.0.3 Update 1,
ESX 3.5 Update 5, and VirtualCenter 2.5 Update 6). Refer to section
"End of Product Availability FAQs" at
http://www.vmware.com/support/policies/lifecycle/vi/faq.html for
details.
Extended support for ESX 2.5.5 ends on 2010-06-15. Users should plan
to upgrade to at least ESX 3.0.3 Update 1 and preferably to the
newest release available.
Extended support for ESX 3.0.3 ends on 2011-12-10. Users should plan
to upgrade to at least ESX 3.5 Update 5 and preferably to the newest
release available.
3. Problem Description
a. Service Console update for samba to 3.0.33-3.15.el5_4.1
This update changes the samba packages to
samba-client-3.0.33-3.15.el5_4.1 and
samba-common-3.0.33-3.15.el5_4.1. These versions include fixes for
security issues that were first fixed in
samba-client-3.0.33-0.18.el4_8 and samba-common-3.0.33-0.18.el4_8.
The Common Vulnerabilities and Exposures Project (cve.mitre.org)
has assigned the names CVE-2009-2906, CVE-2009-1888,CVE-2009-2813
and CVE-2009-2948 to these issues.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
VirtualCenter any Windows not affected
hosted * any any not affected
ESXi any ESXi not affected
ESX 4.0 ESX ESX400-201003405-SG
ESX 3.5 ESX patch pending
ESX 3.0.3 ESX patch pending
ESX 2.5.5 ESX patch pending
vMA 4.0 RHEL5 patch pending
* hosted products are VMware Workstation, Player, ACE, Server, Fusion.
b. Service Console update for acpid to1.0.4-9.el5_4.2
This updates changes the the acpid package to acpid-1.0.4-9.el5_4.2.
This version includes the fix for a security issue that was first
fixed in acpid-1.0.4-7.el5_4.1.
The Common Vulnerabilities and Exposures Project (cve.mitre.org)
has assigned the name CVE-2009-0798 to this issue.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
VirtualCenter any Windows not affected
hosted * any any not affected
ESXi any ESXi not affected
ESX 4.0 ESX ESX400-201003403-SG
ESX 3.5 ESX not affected
ESX 3.0.3 ESX not affected
ESX 2.5.5 ESX not affected
vMA 4.0 RHEL5 patch pending
* hosted products are VMware Workstation, Player, ACE, Server, Fusion.
4. Solution
Please review the patch/release notes for your product and version
and verify the md5sum of your downloaded file.
ESX 4.0
-------
https://hostupdate.vmware.com/software/VUM/OFFLINE/release-195-20100324-069
238/ESX400-201003001.zip
md5sum: c7c0f287d5728289fe2903be48d8d501
sha1sum: d90badd89247ccc96a02001b6d697bf39fad9e7c
http://kb.vmware.com/kb/1019833
Note: ESX400-201003001 contains the following security bulletins
ESX400-201003403-SG, and ESX400-201003405-SG
To install an individual bulletin use esxupdate with the -b option.
esxupdate --bundle ESX400-201003403.zip -b ESX400-201003405-SG update
5. References
CVE numbers
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2906
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1888
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2813
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2948
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0798
- ------------------------------------------------------------------------
6. Change log
2010-04-01 VMSA-2010-0006
Initial security advisory after release of bulletins for ESX 4.0
on 2010-04-01.
- -----------------------------------------------------------------------
7. Contact
E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
* security-announce at lists.vmware.com
* bugtraq at securityfocus.com
* full-disclosure at lists.grok.org.uk
E-mail: security at vmware.com
PGP key at: http://kb.vmware.com/kb/1055
VMware Security Center
http://www.vmware.com/security
VMware security response policy
http://www.vmware.com/support/policies/security_response.html
General support life cycle policy
http://www.vmware.com/support/policies/eos.html
VMware Infrastructure support life cycle policy
http://www.vmware.com/support/policies/eos_vi.html
Copyright 2010 VMware Inc. All rights reserved.
-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.8.3 (Build 4028)
Charset: utf-8
wj8DBQFLtPVKS2KysvBH1xkRAr7QAJ9fmOGXceihgXteCto/P0/N4FOYpQCeNU+6
9mPchO6g2qdEqzK4oDoGbl8=
=focv
-----END PGP SIGNATURE-----
.
Release Date: 2010-01-27
Last Updated: 2010-01-27
Potential Security Impact: Remote unauthorized access
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
A potential security vulnerability has been identified with HP-UX running HP CIFS Server (Samba).
The vulnerability could be exploited to gain remote unauthorized access.
References: CVE-2009-2813
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP CIFS Server vA.02.03.04 and vA.02.04 running on HP-UX B.11.11, B.11.23, or B.11.31.
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference Base Vector Base Score
CVE-2009-2813 (AV:N/AC:M/Au:S/C:P/I:P/A:P) 6.0
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following software updates to resolve this vulnerabilities.
HP CIFS Server (Samba) vA.02.04.01 for HP-UX B.11.11, B.11.23, B.11.31
HP CIFS Server (Samba) vA.02.03.05 for HP-UX B.11.11, B.11.23, B.11.31
The updates are available for download from
http://www.hp.com/go/softwaredepot/
MANUAL ACTIONS: Yes - Update
Install vA.02.04.01 or subsequent or vA.02.03.05 or subsequent.
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security
Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a
specific HP-UX system. It can also download patches and create a depot automatically. For more information
see: https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.11
HP-UX B.11.23
HP-UX B.11.31
=============
CIFS-Server.CIFS-ADMIN
CIFS-Server.CIFS-DOC
CIFS-Server.CIFS-LIB
CIFS-Server.CIFS-MAN
CIFS-Server.CIFS-RUN
CIFS-Server.CIFS-UTIL
action: install revision A.02.04.01 or subsequent
HP-UX B.11.11
HP-UX B.11.23
=============
CIFS-Server.CIFS-ADMIN
CIFS-Server.CIFS-DOC
CIFS-Server.CIFS-LIB
CIFS-Server.CIFS-RUN
CIFS-Server.CIFS-UTIL
action: install revision A.02.03.05 or subsequent
HP-UX B.11.31
=============
CIFS-Server.CIFS-ADMIN
CIFS-Server.CIFS-DOC
CIFS-Server.CIFS-LIB
CIFS-Server.CIFS-RUN
CIFS-Server.CIFS-UTIL
CIFS-CFSM.CFSM-KRN
CIFS-CFSM.CFSM-RUN
action: install revision A.02.03.05 or subsequent
END AFFECTED VERSIONS
HISTORY
Version: 1 (rev.1) - 27 January 2010 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information.
To get the security-alert PGP key, please send an e-mail message as follows:
To: security-alert@hp.com
Subject: get key
Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email:
http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC
On the web page: ITRC security bulletins and patch sign-up
Under Step1: your ITRC security bulletins and patches
-check ALL categories for which alerts are required and continue.
Under Step2: your ITRC operating systems
-verify your operating system selections are checked and save.
To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php
Log in on the web page: Subscriber's choice for Business: sign-in.
On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.
To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do
* The Software Product Category that this Security Bulletin
relates to is represented by the 5th and 6th characters
of the Bulletin number in the title:
GN = HP General SW
MA = HP Management Agents
MI = Misc. 3rd Party SW
MP = HP MPE/iX
NS = HP NonStop Servers
OV = HP OpenVMS
PI = HP Printing & Imaging
ST = HP Storage SW
TL = HP Trusted Linux
TU = HP Tru64 UNIX
UX = HP-UX
VV = HP VirtualVault
System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
Copyright 2009 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. ===========================================================
Ubuntu Security Notice USN-839-1 October 01, 2009
samba vulnerabilities
CVE-2009-1886, CVE-2009-1888, CVE-2009-2813, CVE-2009-2906,
CVE-2009-2948
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
samba 3.0.22-1ubuntu3.9
smbfs 3.0.22-1ubuntu3.9
Ubuntu 8.04 LTS:
samba 3.0.28a-1ubuntu4.9
smbfs 3.0.28a-1ubuntu4.9
Ubuntu 8.10:
samba 2:3.2.3-1ubuntu3.6
smbclient 2:3.2.3-1ubuntu3.6
smbfs 2:3.2.3-1ubuntu3.6
Ubuntu 9.04:
samba 2:3.3.2-1ubuntu3.2
smbfs 2:3.3.2-1ubuntu3.2
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
J. An
authenticated user could connect to that share name and gain access to the
whole filesystem. (CVE-2009-2813)
Tim Prouty discovered that the smbd daemon in Samba incorrectly handled
certain unexpected network replies. A remote attacker could send malicious
replies to the server and cause smbd to use all available CPU, leading to a
denial of service. A local user could exploit this to use or read the
contents of unauthorized credential files. (CVE-2009-2948)
Reinhard Nißl discovered that the smbclient utility contained format string
vulnerabilities in its file name handling. Because of security features in
Ubuntu, exploitation of this vulnerability is limited. If a user or
automated system were tricked into processing a specially crafted file
name, smbclient could be made to crash, possibly leading to a denial of
service. This only affected Ubuntu 8.10. (CVE-2009-1886)
Jeremy Allison discovered that the smbd daemon in Samba incorrectly handled
permissions to modify access control lists when dos filemode is enabled. This
only affected Ubuntu 8.10 and Ubuntu 9.04. (CVE-2009-1886)
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba_3.0.22-1ubuntu3.9.diff.gz
Size/MD5: 161616 0ad9aaba168245042d1489fdcdd5dc42
http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba_3.0.22-1ubuntu3.9.dsc
Size/MD5: 1203 e54ed933c8b093c77b7aecaccc1650ab
http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba_3.0.22.orig.tar.gz
Size/MD5: 17542657 5c39505af17cf5caf3d6ed8bab135036
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba-doc-pdf_3.0.22-1ubuntu3.9_all.deb
Size/MD5: 6594720 714f26b307bf9c1d81392ef89dd57420
http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba-doc_3.0.22-1ubuntu3.9_all.deb
Size/MD5: 6902292 116d5fcbf539e39460c4de1a03a2e5f1
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/s/samba/libpam-smbpass_3.0.22-1ubuntu3.9_amd64.deb
Size/MD5: 427020 eac8d7f26dbbe0a51eb6dd2089d5318f
http://security.ubuntu.com/ubuntu/pool/main/s/samba/libsmbclient-dev_3.0.22-1ubuntu3.9_amd64.deb
Size/MD5: 112902 78153d8ae792d0dad9913142ac80f304
http://security.ubuntu.com/ubuntu/pool/main/s/samba/libsmbclient_3.0.22-1ubuntu3.9_amd64.deb
Size/MD5: 798804 51db5cb3445e03ce20bc01df763626f0
http://security.ubuntu.com/ubuntu/pool/main/s/samba/python2.4-samba_3.0.22-1ubuntu3.9_amd64.deb
Size/MD5: 5974858 2984a44edeff38950c8b117ee5dfc50d
http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba-common_3.0.22-1ubuntu3.9_amd64.deb
Size/MD5: 2415334 5a7e0073ee7714fa816d528ec7015e98
http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba-dbg_3.0.22-1ubuntu3.9_amd64.deb
Size/MD5: 11893670 e9a72bdd6da691c06755694781c28cf0
http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba_3.0.22-1ubuntu3.9_amd64.deb
Size/MD5: 3405114 c3db6785e7e379912107194b85a6c4c0
http://security.ubuntu.com/ubuntu/pool/main/s/samba/smbclient_3.0.22-1ubuntu3.9_amd64.deb
Size/MD5: 4042974 5b6d291f233ea349113f188c8b602922
http://security.ubuntu.com/ubuntu/pool/main/s/samba/smbfs_3.0.22-1ubuntu3.9_amd64.deb
Size/MD5: 450162 973bba455c72ac8f68c5266f4f6962c5
http://security.ubuntu.com/ubuntu/pool/main/s/samba/swat_3.0.22-1ubuntu3.9_amd64.deb
Size/MD5: 833738 7a32896e5bbbed676eb7d670b7b5c913
http://security.ubuntu.com/ubuntu/pool/main/s/samba/winbind_3.0.22-1ubuntu3.9_amd64.deb
Size/MD5: 1931042 3da6192d4e7d101613c5af8b3d29cddf
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/s/samba/libpam-smbpass_3.0.22-1ubuntu3.9_i386.deb
Size/MD5: 366694 f14155bac141ad7f941ba03e393c5270
http://security.ubuntu.com/ubuntu/pool/main/s/samba/libsmbclient-dev_3.0.22-1ubuntu3.9_i386.deb
Size/MD5: 112902 967c4537a0883400f4ee836d32b1acea
http://security.ubuntu.com/ubuntu/pool/main/s/samba/libsmbclient_3.0.22-1ubuntu3.9_i386.deb
Size/MD5: 683712 002366bd9b55bd6a9e5b01482a03e532
http://security.ubuntu.com/ubuntu/pool/main/s/samba/python2.4-samba_3.0.22-1ubuntu3.9_i386.deb
Size/MD5: 5068740 85a5168913d149757470d9604a132b8c
http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba-common_3.0.22-1ubuntu3.9_i386.deb
Size/MD5: 2078578 5eb6ccc70dc94c0f04879d46d047b52e
http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba-dbg_3.0.22-1ubuntu3.9_i386.deb
Size/MD5: 9811828 e6daf862bdf89a5b2ae0e10b6ec7d46b
http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba_3.0.22-1ubuntu3.9_i386.deb
Size/MD5: 2852250 ce15a3ffa8bb74c1668e2e84af25f395
http://security.ubuntu.com/ubuntu/pool/main/s/samba/smbclient_3.0.22-1ubuntu3.9_i386.deb
Size/MD5: 3353974 b359d873da6d8f2fbefb017c56a90d69
http://security.ubuntu.com/ubuntu/pool/main/s/samba/smbfs_3.0.22-1ubuntu3.9_i386.deb
Size/MD5: 380190 25564c8fcbe3748d89352c3889224a38
http://security.ubuntu.com/ubuntu/pool/main/s/samba/swat_3.0.22-1ubuntu3.9_i386.deb
Size/MD5: 711802 a3ea954b28c3b650e2a48672d6944205
http://security.ubuntu.com/ubuntu/pool/main/s/samba/winbind_3.0.22-1ubuntu3.9_i386.deb
Size/MD5: 1609834 7b3072248ab3b89584205aa234ccf555
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/s/samba/libpam-smbpass_3.0.22-1ubuntu3.9_powerpc.deb
Size/MD5: 410852 ef7fe6cfe269a839e44f3cf538d4ae38
http://security.ubuntu.com/ubuntu/pool/main/s/samba/libsmbclient-dev_3.0.22-1ubuntu3.9_powerpc.deb
Size/MD5: 112916 90aeed1dcdfc40442543b79b4c960027
http://security.ubuntu.com/ubuntu/pool/main/s/samba/libsmbclient_3.0.22-1ubuntu3.9_powerpc.deb
Size/MD5: 777048 32b63354cd4ea69407f715a690f51856
http://security.ubuntu.com/ubuntu/pool/main/s/samba/python2.4-samba_3.0.22-1ubuntu3.9_powerpc.deb
Size/MD5: 5693046 1903d9ec97fc80bf7ec844f0840b41ed
http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba-common_3.0.22-1ubuntu3.9_powerpc.deb
Size/MD5: 2359372 18c86a2b1c6ab25a370c2cdbd6661ead
http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba-dbg_3.0.22-1ubuntu3.9_powerpc.deb
Size/MD5: 11903932 d04b1ea8aee57ae0df5c29756c2c3b5a
http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba_3.0.22-1ubuntu3.9_powerpc.deb
Size/MD5: 3334618 7667bd29d3beb55a97e5a3b5577ecd41
http://security.ubuntu.com/ubuntu/pool/main/s/samba/smbclient_3.0.22-1ubuntu3.9_powerpc.deb
Size/MD5: 3942780 9d951c0722867033b8281e1866fcba24
http://security.ubuntu.com/ubuntu/pool/main/s/samba/smbfs_3.0.22-1ubuntu3.9_powerpc.deb
Size/MD5: 443270 b7f93c04656c39aa3dcbafc53ce0fa05
http://security.ubuntu.com/ubuntu/pool/main/s/samba/swat_3.0.22-1ubuntu3.9_powerpc.deb
Size/MD5: 814458 10be46698881dd3c2cbc9a55a34d214d
http://security.ubuntu.com/ubuntu/pool/main/s/samba/winbind_3.0.22-1ubuntu3.9_powerpc.deb
Size/MD5: 1873756 4d919e6bf376e316a6195bfe5aae1a97
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/s/samba/libpam-smbpass_3.0.22-1ubuntu3.9_sparc.deb
Size/MD5: 389762 dcc58f618c5dc2199ff041aeedd71d98
http://security.ubuntu.com/ubuntu/pool/main/s/samba/libsmbclient-dev_3.0.22-1ubuntu3.9_sparc.deb
Size/MD5: 112918 27c0500abe2141de9472fc5dcb379a97
http://security.ubuntu.com/ubuntu/pool/main/s/samba/libsmbclient_3.0.22-1ubuntu3.9_sparc.deb
Size/MD5: 730528 fd413b1753a90c741cdbf767cf4c6a4b
http://security.ubuntu.com/ubuntu/pool/main/s/samba/python2.4-samba_3.0.22-1ubuntu3.9_sparc.deb
Size/MD5: 5427026 af95ac20b0047a3fd4c640d8536b950a
http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba-common_3.0.22-1ubuntu3.9_sparc.deb
Size/MD5: 2145644 843c984664f3e644252ea6cdfddcb7d4
http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba-dbg_3.0.22-1ubuntu3.9_sparc.deb
Size/MD5: 9723658 2639550c026db54b4bc5686e896dd510
http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba_3.0.22-1ubuntu3.9_sparc.deb
Size/MD5: 2993030 8260ac9ace47cc8767b6935c2b3ef5ec
http://security.ubuntu.com/ubuntu/pool/main/s/samba/smbclient_3.0.22-1ubuntu3.9_sparc.deb
Size/MD5: 3508094 5c0ac997e1d96052f31b24fd1188a26f
http://security.ubuntu.com/ubuntu/pool/main/s/samba/smbfs_3.0.22-1ubuntu3.9_sparc.deb
Size/MD5: 400114 c4cef7889ece3a02aa7b59dd56b7a544
http://security.ubuntu.com/ubuntu/pool/main/s/samba/swat_3.0.22-1ubuntu3.9_sparc.deb
Size/MD5: 737168 42111d78eb3502791890f93c18d9b3bf
http://security.ubuntu.com/ubuntu/pool/main/s/samba/winbind_3.0.22-1ubuntu3.9_sparc.deb
Size/MD5: 1691634 30bf9470299d7414a3874c2a8adae78d
Updated packages for Ubuntu 8.04 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba_3.0.28a-1ubuntu4.9.diff.gz
Size/MD5: 231391 7e2af7f7d745cc77c330ee843679d8ca
http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba_3.0.28a-1ubuntu4.9.dsc
Size/MD5: 1586 2e4a432be1d531c58d1c120ffcd3a19c
http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba_3.0.28a.orig.tar.gz
Size/MD5: 18172643 59754cb0c19da6e65c42d0a163c5885a
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba-doc-pdf_3.0.28a-1ubuntu4.9_all.deb
Size/MD5: 6622338 9380d43f5191a37cb32bcbab1bad7ae6
http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba-doc_3.0.28a-1ubuntu4.9_all.deb
Size/MD5: 7009210 cc331f7f2efb8e800bbb8762b37e25e0
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/s/samba/libpam-smbpass_3.0.28a-1ubuntu4.9_amd64.deb
Size/MD5: 520546 b4b1240a3ff4d40a83f78a07c443c0f3
http://security.ubuntu.com/ubuntu/pool/main/s/samba/libsmbclient-dev_3.0.28a-1ubuntu4.9_amd64.deb
Size/MD5: 1292542 3bb97eca27dadd4722adb044a40adee5
http://security.ubuntu.com/ubuntu/pool/main/s/samba/libsmbclient_3.0.28a-1ubuntu4.9_amd64.deb
Size/MD5: 967892 bc14c1047fbf66c1925e0c882ba92ee7
http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba-common_3.0.28a-1ubuntu4.9_amd64.deb
Size/MD5: 3058802 f54479769002e9afe5e91ee46ae5ff41
http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba-dbg_3.0.28a-1ubuntu4.9_amd64.deb
Size/MD5: 20893780 4edd6952575bc8c73d1d36d41ecbb479
http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba_3.0.28a-1ubuntu4.9_amd64.deb
Size/MD5: 4194456 879f5a1f38a4fe9578a8a0493d522162
http://security.ubuntu.com/ubuntu/pool/main/s/samba/smbclient_3.0.28a-1ubuntu4.9_amd64.deb
Size/MD5: 5304436 3eb8858a5b14da4623dd48bf10f9fb73
http://security.ubuntu.com/ubuntu/pool/main/s/samba/smbfs_3.0.28a-1ubuntu4.9_amd64.deb
Size/MD5: 430122 fe85b84ec13ae940f9d2768464d709a4
http://security.ubuntu.com/ubuntu/pool/main/s/samba/swat_3.0.28a-1ubuntu4.9_amd64.deb
Size/MD5: 1048832 f6895c2fa5b41dbd8eba7d88194abf41
http://security.ubuntu.com/ubuntu/pool/main/s/samba/winbind_3.0.28a-1ubuntu4.9_amd64.deb
Size/MD5: 2473112 74df91dbdde172e3899b100652695a45
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/s/samba/libpam-smbpass_3.0.28a-1ubuntu4.9_i386.deb
Size/MD5: 472252 15042a9ebf034ea53ba563c791763385
http://security.ubuntu.com/ubuntu/pool/main/s/samba/libsmbclient-dev_3.0.28a-1ubuntu4.9_i386.deb
Size/MD5: 1201976 727bb81955ba29c4c41bf874c47d14b1
http://security.ubuntu.com/ubuntu/pool/main/s/samba/libsmbclient_3.0.28a-1ubuntu4.9_i386.deb
Size/MD5: 887392 ff28ffd04701e889014f83c492e8a992
http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba-common_3.0.28a-1ubuntu4.9_i386.deb
Size/MD5: 2840618 9bd4fdf53cd7b0b0b3bb4b3ec434fef9
http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba-dbg_3.0.28a-1ubuntu4.9_i386.deb
Size/MD5: 20216796 ced1db63e3cb543459c4cdb7f10a1bdf
http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba_3.0.28a-1ubuntu4.9_i386.deb
Size/MD5: 3840538 2cd8ab43090b315d116894170ec96d66
http://security.ubuntu.com/ubuntu/pool/main/s/samba/smbclient_3.0.28a-1ubuntu4.9_i386.deb
Size/MD5: 4863560 3898e31536f87d7dde65502d17ce05b6
http://security.ubuntu.com/ubuntu/pool/main/s/samba/smbfs_3.0.28a-1ubuntu4.9_i386.deb
Size/MD5: 397132 250691215f69c151186945b5a55b0b98
http://security.ubuntu.com/ubuntu/pool/main/s/samba/swat_3.0.28a-1ubuntu4.9_i386.deb
Size/MD5: 974478 dd38262a108a87c928dcc50f3389a3a9
http://security.ubuntu.com/ubuntu/pool/main/s/samba/winbind_3.0.28a-1ubuntu4.9_i386.deb
Size/MD5: 2248406 896ce555ed798423eeb88fff50eb8b30
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/s/samba/libpam-smbpass_3.0.28a-1ubuntu4.9_lpia.deb
Size/MD5: 463234 08b9ee8f8361646792eb439ae045269b
http://ports.ubuntu.com/pool/main/s/samba/libsmbclient-dev_3.0.28a-1ubuntu4.9_lpia.deb
Size/MD5: 1168374 2e2979e9f98c9b5dd73fb6c2da0911df
http://ports.ubuntu.com/pool/main/s/samba/libsmbclient_3.0.28a-1ubuntu4.9_lpia.deb
Size/MD5: 864522 130273d8f0f9ad49e0c383ef52fd6e1d
http://ports.ubuntu.com/pool/main/s/samba/samba-common_3.0.28a-1ubuntu4.9_lpia.deb
Size/MD5: 2779576 c0d8f3966307a5858d880d033603b3f5
http://ports.ubuntu.com/pool/main/s/samba/samba-dbg_3.0.28a-1ubuntu4.9_lpia.deb
Size/MD5: 20585618 d36b13bf28a9a3fc131c0f33b152d47e
http://ports.ubuntu.com/pool/main/s/samba/samba_3.0.28a-1ubuntu4.9_lpia.deb
Size/MD5: 3756770 eca1116f745d9766285c0d0a74d5b644
http://ports.ubuntu.com/pool/main/s/samba/smbclient_3.0.28a-1ubuntu4.9_lpia.deb
Size/MD5: 4734470 762b151daed66156092d163b0f406c20
http://ports.ubuntu.com/pool/main/s/samba/smbfs_3.0.28a-1ubuntu4.9_lpia.deb
Size/MD5: 390026 dbee68f037d577cd5439719c7fb92a41
http://ports.ubuntu.com/pool/main/s/samba/swat_3.0.28a-1ubuntu4.9_lpia.deb
Size/MD5: 951286 38e35eeaf91c45ca56565219149abd99
http://ports.ubuntu.com/pool/main/s/samba/winbind_3.0.28a-1ubuntu4.9_lpia.deb
Size/MD5: 2195544 d64ab228f0342e4d67ec3b5f20216018
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/s/samba/libpam-smbpass_3.0.28a-1ubuntu4.9_powerpc.deb
Size/MD5: 515832 2ad077d63b6144cf907ab9988baf0139
http://ports.ubuntu.com/pool/main/s/samba/libsmbclient-dev_3.0.28a-1ubuntu4.9_powerpc.deb
Size/MD5: 1200004 bf7ae58acb99cc3db2fab99638c95fa9
http://ports.ubuntu.com/pool/main/s/samba/libsmbclient_3.0.28a-1ubuntu4.9_powerpc.deb
Size/MD5: 956626 fda0b121c55858f6b66bcacb2b0461f8
http://ports.ubuntu.com/pool/main/s/samba/samba-common_3.0.28a-1ubuntu4.9_powerpc.deb
Size/MD5: 2990960 bcb29d58590b755074a365c552136c0a
http://ports.ubuntu.com/pool/main/s/samba/samba-dbg_3.0.28a-1ubuntu4.9_powerpc.deb
Size/MD5: 21182522 2c0803fafa6fbd40aa3e104ba56bbc0d
http://ports.ubuntu.com/pool/main/s/samba/samba_3.0.28a-1ubuntu4.9_powerpc.deb
Size/MD5: 4126290 ccf21a784b39e047c6dc194755fdca7d
http://ports.ubuntu.com/pool/main/s/samba/smbclient_3.0.28a-1ubuntu4.9_powerpc.deb
Size/MD5: 5163400 74bd882877f5523cafc680de256290fb
http://ports.ubuntu.com/pool/main/s/samba/smbfs_3.0.28a-1ubuntu4.9_powerpc.deb
Size/MD5: 431514 959ff71f764937096d6f15a655dfaee6
http://ports.ubuntu.com/pool/main/s/samba/swat_3.0.28a-1ubuntu4.9_powerpc.deb
Size/MD5: 1018106 2b184bd834d898febb1ef227bfd1fb90
http://ports.ubuntu.com/pool/main/s/samba/winbind_3.0.28a-1ubuntu4.9_powerpc.deb
Size/MD5: 2420168 d39a44b7f9f8e154ad1c6a7cd7c47744
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/s/samba/libpam-smbpass_3.0.28a-1ubuntu4.9_sparc.deb
Size/MD5: 474682 4e2ebf556bf2aebc6ba6451f28c5b880
http://ports.ubuntu.com/pool/main/s/samba/libsmbclient-dev_3.0.28a-1ubuntu4.9_sparc.deb
Size/MD5: 1264254 0e1762140c135589e5a82bb690bd7770
http://ports.ubuntu.com/pool/main/s/samba/libsmbclient_3.0.28a-1ubuntu4.9_sparc.deb
Size/MD5: 882412 8923f26cae63e096cbc88e036851486f
http://ports.ubuntu.com/pool/main/s/samba/samba-common_3.0.28a-1ubuntu4.9_sparc.deb
Size/MD5: 2780260 1538097139e3853e5123c022bb0b0f1c
http://ports.ubuntu.com/pool/main/s/samba/samba-dbg_3.0.28a-1ubuntu4.9_sparc.deb
Size/MD5: 18529580 59a25ca374c053660116dce03011abea
http://ports.ubuntu.com/pool/main/s/samba/samba_3.0.28a-1ubuntu4.9_sparc.deb
Size/MD5: 3802920 8fc30eccc623c180c4fc162102867fe1
http://ports.ubuntu.com/pool/main/s/samba/smbclient_3.0.28a-1ubuntu4.9_sparc.deb
Size/MD5: 4742870 aa4f92e69ad826b22fa1946e68e987da
http://ports.ubuntu.com/pool/main/s/samba/smbfs_3.0.28a-1ubuntu4.9_sparc.deb
Size/MD5: 396682 60fdbb3079527176c177305bb648ca07
http://ports.ubuntu.com/pool/main/s/samba/swat_3.0.28a-1ubuntu4.9_sparc.deb
Size/MD5: 948132 18f33ffe44b9d32f4b7cc8d8885b3dc1
http://ports.ubuntu.com/pool/main/s/samba/winbind_3.0.28a-1ubuntu4.9_sparc.deb
Size/MD5: 2217900 bb8577eb34a3226359c58667ec2a9afb
Updated packages for Ubuntu 8.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba_3.2.3-1ubuntu3.6.diff.gz
Size/MD5: 236931 4f9651b8fc38ae5775cc57b2d987f44e
http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba_3.2.3-1ubuntu3.6.dsc
Size/MD5: 1902 f281832cebbef598586013098bd67400
http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba_3.2.3.orig.tar.gz
Size/MD5: 23704996 c1630a57ac0ec24bc364c6d11c93ec35
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba-doc-pdf_3.2.3-1ubuntu3.6_all.deb
Size/MD5: 6261910 503b40ccc2f657eeb7c25bac480c4bf6
http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba-doc_3.2.3-1ubuntu3.6_all.deb
Size/MD5: 7955234 412fd71fd346e66011f76a5af0466398
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/s/samba/libpam-smbpass_3.2.3-1ubuntu3.6_amd64.deb
Size/MD5: 639534 bbbfbbead71027d2419fcb27fba42407
http://security.ubuntu.com/ubuntu/pool/main/s/samba/libsmbclient-dev_3.2.3-1ubuntu3.6_amd64.deb
Size/MD5: 1969252 a01c75db248048dddac69a59a81c7f89
http://security.ubuntu.com/ubuntu/pool/main/s/samba/libsmbclient_3.2.3-1ubuntu3.6_amd64.deb
Size/MD5: 1370904 0e1727442db6c636569c25822d1fdbf0
http://security.ubuntu.com/ubuntu/pool/main/s/samba/libwbclient0_3.2.3-1ubuntu3.6_amd64.deb
Size/MD5: 89560 6603c0860d68ad2819d718c6d05ec5d4
http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba-common_3.2.3-1ubuntu3.6_amd64.deb
Size/MD5: 3817612 7784145651faa822dc74d0976a99338c
http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba-dbg_3.2.3-1ubuntu3.6_amd64.deb
Size/MD5: 1994386 6a019c4493229ae31edfea3ee46cb71c
http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba-tools_3.2.3-1ubuntu3.6_amd64.deb
Size/MD5: 5805124 d1c605957d71007be0fda1a15694d518
http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba_3.2.3-1ubuntu3.6_amd64.deb
Size/MD5: 4909508 1e5b668561555630f24091af0cd6d4e5
http://security.ubuntu.com/ubuntu/pool/main/s/samba/smbclient_3.2.3-1ubuntu3.6_amd64.deb
Size/MD5: 7176252 7aa07ad7649a4446681b76847e5f5cb7
http://security.ubuntu.com/ubuntu/pool/main/s/samba/smbfs_3.2.3-1ubuntu3.6_amd64.deb
Size/MD5: 1530810 d6ddcc2f344f71c83f61b9ecb7b0c5a7
http://security.ubuntu.com/ubuntu/pool/main/s/samba/swat_3.2.3-1ubuntu3.6_amd64.deb
Size/MD5: 1113428 0379fc7d057771de7b437fecfc7966e6
http://security.ubuntu.com/ubuntu/pool/main/s/samba/winbind_3.2.3-1ubuntu3.6_amd64.deb
Size/MD5: 3351366 ee45f0cb769c6c28f8a347d34d338d7e
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/s/samba/libpam-smbpass_3.2.3-1ubuntu3.6_i386.deb
Size/MD5: 574924 506af0e56dff7d0fe7ab51ab469c47e6
http://security.ubuntu.com/ubuntu/pool/main/s/samba/libsmbclient-dev_3.2.3-1ubuntu3.6_i386.deb
Size/MD5: 1845352 e6ed7ca7f84020e149e808fe64311cf3
http://security.ubuntu.com/ubuntu/pool/main/s/samba/libsmbclient_3.2.3-1ubuntu3.6_i386.deb
Size/MD5: 1218372 72aec547fa38b0a064bf0e60466fda42
http://security.ubuntu.com/ubuntu/pool/main/s/samba/libwbclient0_3.2.3-1ubuntu3.6_i386.deb
Size/MD5: 88078 ab33ce6e5cefa515a699aca9cdc461e9
http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba-common_3.2.3-1ubuntu3.6_i386.deb
Size/MD5: 3461470 17ffeb64ecd64f184e97a943c5eb9e6e
http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba-dbg_3.2.3-1ubuntu3.6_i386.deb
Size/MD5: 2078640 3c519d38299e6fdbd07f4f4d72aef95c
http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba-tools_3.2.3-1ubuntu3.6_i386.deb
Size/MD5: 5163590 5222f9aea0fdf9a2acc5d95318948284
http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba_3.2.3-1ubuntu3.6_i386.deb
Size/MD5: 4369460 34806faae06578a1051d568c5cea17f9
http://security.ubuntu.com/ubuntu/pool/main/s/samba/smbclient_3.2.3-1ubuntu3.6_i386.deb
Size/MD5: 6405268 02e19a3061477a8811d8d25709fe53e4
http://security.ubuntu.com/ubuntu/pool/main/s/samba/smbfs_3.2.3-1ubuntu3.6_i386.deb
Size/MD5: 1376806 d13a79928b41c7973a1a0c1ba691a722
http://security.ubuntu.com/ubuntu/pool/main/s/samba/swat_3.2.3-1ubuntu3.6_i386.deb
Size/MD5: 1007482 eae4a6678ae8130648a5fb572b0c8998
http://security.ubuntu.com/ubuntu/pool/main/s/samba/winbind_3.2.3-1ubuntu3.6_i386.deb
Size/MD5: 2977186 b4ee501767e1e5a49741ccbda78425d0
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/s/samba/libpam-smbpass_3.2.3-1ubuntu3.6_lpia.deb
Size/MD5: 554422 ff03551a483e90441db25c4c7692cd95
http://ports.ubuntu.com/pool/main/s/samba/libsmbclient-dev_3.2.3-1ubuntu3.6_lpia.deb
Size/MD5: 1769968 6ec919b02183c89b9aa80134249e4b52
http://ports.ubuntu.com/pool/main/s/samba/libsmbclient_3.2.3-1ubuntu3.6_lpia.deb
Size/MD5: 1161338 2516d6d888b98b3bd8a3b6d74a5937a6
http://ports.ubuntu.com/pool/main/s/samba/libwbclient0_3.2.3-1ubuntu3.6_lpia.deb
Size/MD5: 87506 38b8b5788656a29cb0db8a13cb8b9480
http://ports.ubuntu.com/pool/main/s/samba/samba-common_3.2.3-1ubuntu3.6_lpia.deb
Size/MD5: 3330112 84aac2e247aab6dd9efb162409f0aadc
http://ports.ubuntu.com/pool/main/s/samba/samba-dbg_3.2.3-1ubuntu3.6_lpia.deb
Size/MD5: 2071010 56f8a2fbd9e80523ef4912c691676adf
http://ports.ubuntu.com/pool/main/s/samba/samba-tools_3.2.3-1ubuntu3.6_lpia.deb
Size/MD5: 4952144 af73024709a58ee64f805f77077d1364
http://ports.ubuntu.com/pool/main/s/samba/samba_3.2.3-1ubuntu3.6_lpia.deb
Size/MD5: 4199086 a1f7386a5d5692d4b1e995ecd8f3bb87
http://ports.ubuntu.com/pool/main/s/samba/smbclient_3.2.3-1ubuntu3.6_lpia.deb
Size/MD5: 6137958 e0a1a5d5aec37facd2c1330cfb56dfd2
http://ports.ubuntu.com/pool/main/s/samba/smbfs_3.2.3-1ubuntu3.6_lpia.deb
Size/MD5: 1318062 bf22cc094c4e89d8770fd845e855a387
http://ports.ubuntu.com/pool/main/s/samba/swat_3.2.3-1ubuntu3.6_lpia.deb
Size/MD5: 969198 83f81cfc7d9ee22b599b505ba3ae3f05
http://ports.ubuntu.com/pool/main/s/samba/winbind_3.2.3-1ubuntu3.6_lpia.deb
Size/MD5: 2857452 2b48cd916e54e46d5f0452303d3851d3
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/s/samba/libpam-smbpass_3.2.3-1ubuntu3.6_powerpc.deb
Size/MD5: 607408 559831ff717451c998e29d4eddb3e034
http://ports.ubuntu.com/pool/main/s/samba/libsmbclient-dev_3.2.3-1ubuntu3.6_powerpc.deb
Size/MD5: 1731182 bd5a801be1d73c5ac033548987dde264
http://ports.ubuntu.com/pool/main/s/samba/libsmbclient_3.2.3-1ubuntu3.6_powerpc.deb
Size/MD5: 1255860 6efaefbeafe04c3103d84f2c105d1872
http://ports.ubuntu.com/pool/main/s/samba/libwbclient0_3.2.3-1ubuntu3.6_powerpc.deb
Size/MD5: 89508 9c3081f940474a1f415678746f6243f6
http://ports.ubuntu.com/pool/main/s/samba/samba-common_3.2.3-1ubuntu3.6_powerpc.deb
Size/MD5: 3601302 a0ce49b8f3aab2a28cb22765b063694c
http://ports.ubuntu.com/pool/main/s/samba/samba-dbg_3.2.3-1ubuntu3.6_powerpc.deb
Size/MD5: 2059040 92ad3324c83002e8b9783960ea40a036
http://ports.ubuntu.com/pool/main/s/samba/samba-tools_3.2.3-1ubuntu3.6_powerpc.deb
Size/MD5: 5477608 0e38befb17ef64fd0ced6d2643dbf8da
http://ports.ubuntu.com/pool/main/s/samba/samba_3.2.3-1ubuntu3.6_powerpc.deb
Size/MD5: 4641844 d31adf2bfafb586243e2faf535953e42
http://ports.ubuntu.com/pool/main/s/samba/smbclient_3.2.3-1ubuntu3.6_powerpc.deb
Size/MD5: 6659150 956f64674dd5cb7bb3f8bac62895d24d
http://ports.ubuntu.com/pool/main/s/samba/smbfs_3.2.3-1ubuntu3.6_powerpc.deb
Size/MD5: 1418796 8df76629fdc1fc014f9abfa1514540cc
http://ports.ubuntu.com/pool/main/s/samba/swat_3.2.3-1ubuntu3.6_powerpc.deb
Size/MD5: 1046932 6fdfbbf2b39c0b4962f3831538863e78
http://ports.ubuntu.com/pool/main/s/samba/winbind_3.2.3-1ubuntu3.6_powerpc.deb
Size/MD5: 3124852 6c04f13595d0573d71cde5987ac264dd
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/s/samba/libpam-smbpass_3.2.3-1ubuntu3.6_sparc.deb
Size/MD5: 593506 b4870d6be6ef7a61ed6c5a2e4aeae16d
http://ports.ubuntu.com/pool/main/s/samba/libsmbclient-dev_3.2.3-1ubuntu3.6_sparc.deb
Size/MD5: 2008990 878258bf3efa14b921dd567103a80deb
http://ports.ubuntu.com/pool/main/s/samba/libsmbclient_3.2.3-1ubuntu3.6_sparc.deb
Size/MD5: 1216706 c488460e14273a93f0540c84c3248cee
http://ports.ubuntu.com/pool/main/s/samba/libwbclient0_3.2.3-1ubuntu3.6_sparc.deb
Size/MD5: 88094 3a6d77a02f0e6acaba23e4b9549e69b8
http://ports.ubuntu.com/pool/main/s/samba/samba-common_3.2.3-1ubuntu3.6_sparc.deb
Size/MD5: 3503522 8ecc0f2c8d5f4cd8e4e0c796ac5722b5
http://ports.ubuntu.com/pool/main/s/samba/samba-dbg_3.2.3-1ubuntu3.6_sparc.deb
Size/MD5: 2008706 4fff798d96bf44cec97af54ca04db241
http://ports.ubuntu.com/pool/main/s/samba/samba-tools_3.2.3-1ubuntu3.6_sparc.deb
Size/MD5: 5332248 9d183a23e7fd5f7f3994dcb711a37e97
http://ports.ubuntu.com/pool/main/s/samba/samba_3.2.3-1ubuntu3.6_sparc.deb
Size/MD5: 4505892 c62a9e2bc675ce3649466cc130add2fe
http://ports.ubuntu.com/pool/main/s/samba/smbclient_3.2.3-1ubuntu3.6_sparc.deb
Size/MD5: 6450016 54ee993bca2684d4e01b9f6f5a44c85e
http://ports.ubuntu.com/pool/main/s/samba/smbfs_3.2.3-1ubuntu3.6_sparc.deb
Size/MD5: 1372100 5aee6497bb5977e8e307157daba0c230
http://ports.ubuntu.com/pool/main/s/samba/swat_3.2.3-1ubuntu3.6_sparc.deb
Size/MD5: 1020422 bfdb2375fc15aef8e2c9fe3a57c1af02
http://ports.ubuntu.com/pool/main/s/samba/winbind_3.2.3-1ubuntu3.6_sparc.deb
Size/MD5: 3030996 c0ca89ffac33688bdfe227fe26019fe5
Updated packages for Ubuntu 9.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba_3.3.2-1ubuntu3.2.diff.gz
Size/MD5: 246744 ae710e82bc844bc0784713c356a65fe0
http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba_3.3.2-1ubuntu3.2.dsc
Size/MD5: 2101 c340588b3010c9b5a7f33001a653ffb7
http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba_3.3.2.orig.tar.gz
Size/MD5: 26058163 5c5178ea2c5d9bd5f6569285f2e0e6d7
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba-doc-pdf_3.3.2-1ubuntu3.2_all.deb
Size/MD5: 6710652 9d2f3fef5b10b37a00c35671153b3632
http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba-doc_3.3.2-1ubuntu3.2_all.deb
Size/MD5: 7994730 28f301eba9f060eea631aff3a1c263c2
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/s/samba/libpam-smbpass_3.3.2-1ubuntu3.2_amd64.deb
Size/MD5: 646652 2d5d4e46c0aea5af01fe5e9c6bbb9b28
http://security.ubuntu.com/ubuntu/pool/main/s/samba/libsmbclient-dev_3.3.2-1ubuntu3.2_amd64.deb
Size/MD5: 2163380 c9423c1d10a0c24318882bbf169c824b
http://security.ubuntu.com/ubuntu/pool/main/s/samba/libsmbclient_3.3.2-1ubuntu3.2_amd64.deb
Size/MD5: 1508304 23c2a769c2998d346a712858cfff8cf9
http://security.ubuntu.com/ubuntu/pool/main/s/samba/libwbclient0_3.3.2-1ubuntu3.2_amd64.deb
Size/MD5: 98292 b7c4155820c63d283d503927f9cee94a
http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba-common_3.3.2-1ubuntu3.2_amd64.deb
Size/MD5: 4467650 c0b7ef8b7211281f0db3949011abbea1
http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba-dbg_3.3.2-1ubuntu3.2_amd64.deb
Size/MD5: 36711768 99fd9b5afc6a4323e86e846cb72136b9
http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba_3.3.2-1ubuntu3.2_amd64.deb
Size/MD5: 5071440 dc9efb1ace97ea837b6114f0dade6322
http://security.ubuntu.com/ubuntu/pool/main/s/samba/smbclient_3.3.2-1ubuntu3.2_amd64.deb
Size/MD5: 9018812 3a5e01312117b39737a09978ba9f9e43
http://security.ubuntu.com/ubuntu/pool/main/s/samba/smbfs_3.3.2-1ubuntu3.2_amd64.deb
Size/MD5: 1688934 59e11957943a573564aa166d4b018d3c
http://security.ubuntu.com/ubuntu/pool/main/s/samba/winbind_3.3.2-1ubuntu3.2_amd64.deb
Size/MD5: 3895728 9eb9988344d07744de3eb780b4c42b4a
http://security.ubuntu.com/ubuntu/pool/universe/s/samba/samba-tools_3.3.2-1ubuntu3.2_amd64.deb
Size/MD5: 5713268 b9146cd614816390dcae0cc91683221b
http://security.ubuntu.com/ubuntu/pool/universe/s/samba/swat_3.3.2-1ubuntu3.2_amd64.deb
Size/MD5: 1542412 0c67889bbb7e28462b2124440ab654ca
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/s/samba/libpam-smbpass_3.3.2-1ubuntu3.2_i386.deb
Size/MD5: 582222 0219aff733081399d32448732dd96294
http://security.ubuntu.com/ubuntu/pool/main/s/samba/libsmbclient-dev_3.3.2-1ubuntu3.2_i386.deb
Size/MD5: 2032960 750ff75ee3478437edf9e1d19e782e27
http://security.ubuntu.com/ubuntu/pool/main/s/samba/libsmbclient_3.3.2-1ubuntu3.2_i386.deb
Size/MD5: 1347184 3775216596791dc048b765b89abb05b3
http://security.ubuntu.com/ubuntu/pool/main/s/samba/libwbclient0_3.3.2-1ubuntu3.2_i386.deb
Size/MD5: 96638 d425c4783b30a1c0ad46407cd1f04dc8
http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba-common_3.3.2-1ubuntu3.2_i386.deb
Size/MD5: 4060442 34801ccdac63f1bdf9b10b637b1d4f6e
http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba-dbg_3.3.2-1ubuntu3.2_i386.deb
Size/MD5: 34984314 e8551db86917575071e55762d87d3b85
http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba_3.3.2-1ubuntu3.2_i386.deb
Size/MD5: 4527948 12e6be455b45d0ce4245ab1105a5f96c
http://security.ubuntu.com/ubuntu/pool/main/s/samba/smbclient_3.3.2-1ubuntu3.2_i386.deb
Size/MD5: 8097728 251cc0883c670ee19edf0078a058c852
http://security.ubuntu.com/ubuntu/pool/main/s/samba/smbfs_3.3.2-1ubuntu3.2_i386.deb
Size/MD5: 1521034 e3f8b5995d81ba1f6c968ac32fc0d0be
http://security.ubuntu.com/ubuntu/pool/main/s/samba/winbind_3.3.2-1ubuntu3.2_i386.deb
Size/MD5: 3481570 a29f9da468b535c2da5e9923010d1d6d
http://security.ubuntu.com/ubuntu/pool/universe/s/samba/samba-tools_3.3.2-1ubuntu3.2_i386.deb
Size/MD5: 5099016 362165caee8cd0bba16258f66c073cc6
http://security.ubuntu.com/ubuntu/pool/universe/s/samba/swat_3.3.2-1ubuntu3.2_i386.deb
Size/MD5: 1400948 84221b1da74bdb5f5787f68de8952355
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/s/samba/libpam-smbpass_3.3.2-1ubuntu3.2_lpia.deb
Size/MD5: 560958 962b835eefa46cc6bde4832d0e88121f
http://ports.ubuntu.com/pool/main/s/samba/libsmbclient-dev_3.3.2-1ubuntu3.2_lpia.deb
Size/MD5: 1952880 f9f1fb19bb809aaa6d3aad7242a4bb72
http://ports.ubuntu.com/pool/main/s/samba/libsmbclient_3.3.2-1ubuntu3.2_lpia.deb
Size/MD5: 1283570 af16ecb6dfd504c40dc56317b34ce9d3
http://ports.ubuntu.com/pool/main/s/samba/libwbclient0_3.3.2-1ubuntu3.2_lpia.deb
Size/MD5: 95956 a768287e6b93040ef2cb35ec8e7d7d41
http://ports.ubuntu.com/pool/main/s/samba/samba-common_3.3.2-1ubuntu3.2_lpia.deb
Size/MD5: 3904320 fc222ca31831d73c84faa7d1e2490974
http://ports.ubuntu.com/pool/main/s/samba/samba-dbg_3.3.2-1ubuntu3.2_lpia.deb
Size/MD5: 35290838 396e2a07747efbc6823f6eec6f7edd53
http://ports.ubuntu.com/pool/main/s/samba/samba_3.3.2-1ubuntu3.2_lpia.deb
Size/MD5: 4346314 6297c298aed6f3a4de613d54a1dcf749
http://ports.ubuntu.com/pool/main/s/samba/smbclient_3.3.2-1ubuntu3.2_lpia.deb
Size/MD5: 7754410 c48267678450b0603139bc08e1edbbaf
http://ports.ubuntu.com/pool/main/s/samba/smbfs_3.3.2-1ubuntu3.2_lpia.deb
Size/MD5: 1456666 f9b855b88c6a45b04e707a18aa55b9e0
http://ports.ubuntu.com/pool/main/s/samba/winbind_3.3.2-1ubuntu3.2_lpia.deb
Size/MD5: 3339424 5ce5bd4288830a8300a44b5c52768cf3
http://ports.ubuntu.com/pool/universe/s/samba/samba-tools_3.3.2-1ubuntu3.2_lpia.deb
Size/MD5: 4890862 dd221351f63783646d4e4f22d678c055
http://ports.ubuntu.com/pool/universe/s/samba/swat_3.3.2-1ubuntu3.2_lpia.deb
Size/MD5: 1346736 d51baf9446d9fd010828a0131c1d3267
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/s/samba/libpam-smbpass_3.3.2-1ubuntu3.2_powerpc.deb
Size/MD5: 614320 8da8875e3c2226c83ecc5a40d97b2cb2
http://ports.ubuntu.com/pool/main/s/samba/libsmbclient-dev_3.3.2-1ubuntu3.2_powerpc.deb
Size/MD5: 1900044 953213cf62382b4b8b3a45d3f7def0ee
http://ports.ubuntu.com/pool/main/s/samba/libsmbclient_3.3.2-1ubuntu3.2_powerpc.deb
Size/MD5: 1382664 7c6ed21ea30b0ebcb0462ceb1c3f8e16
http://ports.ubuntu.com/pool/main/s/samba/libwbclient0_3.3.2-1ubuntu3.2_powerpc.deb
Size/MD5: 98086 c0f91f3844450ae41d6e3b0115f20591
http://ports.ubuntu.com/pool/main/s/samba/samba-common_3.3.2-1ubuntu3.2_powerpc.deb
Size/MD5: 4200232 98576bc60ab7737cb5bb547f29e1a5dc
http://ports.ubuntu.com/pool/main/s/samba/samba-dbg_3.3.2-1ubuntu3.2_powerpc.deb
Size/MD5: 35738340 9d638bf8c1ab59847995b9ca2c55d56a
http://ports.ubuntu.com/pool/main/s/samba/samba_3.3.2-1ubuntu3.2_powerpc.deb
Size/MD5: 4804652 8a7d4638dac9533316b1f0a020dccd3f
http://ports.ubuntu.com/pool/main/s/samba/smbclient_3.3.2-1ubuntu3.2_powerpc.deb
Size/MD5: 8333880 e1b4a75d2ad6a9725584243883312f3e
http://ports.ubuntu.com/pool/main/s/samba/smbfs_3.3.2-1ubuntu3.2_powerpc.deb
Size/MD5: 1565914 aac094d4e42580986c2056c2256209c5
http://ports.ubuntu.com/pool/main/s/samba/winbind_3.3.2-1ubuntu3.2_powerpc.deb
Size/MD5: 3630424 7b6143e9fa2e47c716023e3f37d92768
http://ports.ubuntu.com/pool/universe/s/samba/samba-tools_3.3.2-1ubuntu3.2_powerpc.deb
Size/MD5: 5398448 60faa062e6ad2f7276f61efa06bca513
http://ports.ubuntu.com/pool/universe/s/samba/swat_3.3.2-1ubuntu3.2_powerpc.deb
Size/MD5: 1436246 32c9c1f616da971f6b149630da05ab30
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/s/samba/libpam-smbpass_3.3.2-1ubuntu3.2_sparc.deb
Size/MD5: 600048 2552f5b27c823718c0862c5b76ca9f63
http://ports.ubuntu.com/pool/main/s/samba/libsmbclient-dev_3.3.2-1ubuntu3.2_sparc.deb
Size/MD5: 2213024 65ecad7035168477e207bbc5ed1d0c29
http://ports.ubuntu.com/pool/main/s/samba/libsmbclient_3.3.2-1ubuntu3.2_sparc.deb
Size/MD5: 1339606 cf15ae0ff3b54429d4f66917b5d406ed
http://ports.ubuntu.com/pool/main/s/samba/libwbclient0_3.3.2-1ubuntu3.2_sparc.deb
Size/MD5: 96454 a7c4796444e2146c181a9222c7710970
http://ports.ubuntu.com/pool/main/s/samba/samba-common_3.3.2-1ubuntu3.2_sparc.deb
Size/MD5: 4080446 b1728440e3d6a92683d620f398b496c1
http://ports.ubuntu.com/pool/main/s/samba/samba-dbg_3.3.2-1ubuntu3.2_sparc.deb
Size/MD5: 32778340 0ca389ca9b68bf428c7e94ed23603353
http://ports.ubuntu.com/pool/main/s/samba/samba_3.3.2-1ubuntu3.2_sparc.deb
Size/MD5: 4657980 997f813c1e1da2decb4c84970c72dd77
http://ports.ubuntu.com/pool/main/s/samba/smbclient_3.3.2-1ubuntu3.2_sparc.deb
Size/MD5: 8060996 ee6756467677a4fc46fab626b8be0396
http://ports.ubuntu.com/pool/main/s/samba/smbfs_3.3.2-1ubuntu3.2_sparc.deb
Size/MD5: 1512774 2ea893dd60671f3cac6c24fc42db131f
http://ports.ubuntu.com/pool/main/s/samba/winbind_3.3.2-1ubuntu3.2_sparc.deb
Size/MD5: 3513456 2d5d634bd732ee034f0d10239bb26944
http://ports.ubuntu.com/pool/universe/s/samba/samba-tools_3.3.2-1ubuntu3.2_sparc.deb
Size/MD5: 5250174 fd91190a66a41ab02deb6741b2035559
http://ports.ubuntu.com/pool/universe/s/samba/swat_3.3.2-1ubuntu3.2_sparc.deb
Size/MD5: 1395758 225e6ebcb5b001906b5014af4a40c3e3
. ----------------------------------------------------------------------
Do you have VARM strategy implemented?
(Vulnerability Assessment Remediation Management)
If not, then implement it through the most reliable vulnerability
intelligence source on the market.
Implement it through Secunia.
For more information visit:
http://secunia.com/advisories/business_solutions/
Alternatively request a call from a Secunia representative today to
discuss how we can help you with our capabilities contact us at:
sales@secunia.com
----------------------------------------------------------------------
TITLE:
Samba Information Disclosure and Denial of Service
SECUNIA ADVISORY ID:
SA36893
VERIFY ADVISORY:
http://secunia.com/advisories/36893/
DESCRIPTION:
Some weaknesses and a vulnerability have been reported in Samba,
which can be exploited by malicious, local users to disclose
potentially sensitive information, and by malicious users to disclose
sensitive information and cause a DoS (Denial of Service).
1) The mount.cifs application does not properly verify if opening a
credentials file crosses the privileges of the invoking user. This
can be exploited to disclose partial file contents by using the
"--verbose" or "-v" option and passing the file as credentials file
to mount.cifs.
Successful exploitation requires that mount.cifs is suid root.
2) An infinite loop exists when processing certain SMB requests. This
can be exploited to cause a DoS due to CPU consumption by sending a
specially crafted request to the Samba server.
Successful exploitation requires that the attacker is authenticated.
3) Samba does not properly handle /etc/passwd entries with empty home
directories, which can lead to access to the root file system and all
subdirectories.
Successful exploitation requires that an /etc/passwd entry with an
empty home directory exists and automated "[homes]" sharing is
enabled or a share with the username of the affected entry exists.
http://samba.org/samba/download/
Patches are also available:
http://www.samba.org/samba/history/security.html
PROVIDED AND/OR DISCOVERED BY:
1) The vendor credits Ronald Volgers.
2) The vendor credits Tim Prouty, Isilon and Samba Team
3) The vendor credits J. David Hester, LCG Systems National
Institutes of Health
ORIGINAL ADVISORY:
1) http://www.samba.org/samba/security/CVE-2009-2948.html
2) http://www.samba.org/samba/security/CVE-2009-2906.html
3) http://www.samba.org/samba/security/CVE-2009-2813.html
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
. Additionally for 2009.1
the version upgrade provides many upstream bug fixes such as improved
Windows(tm) 7 support.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2813
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2906
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2948
http://www.samba.org/samba/security/CVE-2009-2813.html
http://www.samba.org/samba/security/CVE-2009-2906.html
http://www.samba.org/samba/security/CVE-2009-2948.html
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2008.1:
4f552578709de0466d922e8a0759f8be 2008.1/i586/libsmbclient0-3.0.37-0.1mdv2008.1.i586.rpm
9bb222210c3a99989ddb6c3479c8cd6d 2008.1/i586/libsmbclient0-devel-3.0.37-0.1mdv2008.1.i586.rpm
cecadda3b37593746894536d2392d5c1 2008.1/i586/libsmbclient0-static-devel-3.0.37-0.1mdv2008.1.i586.rpm
7edfbf4deea7b57e7c7db53c85d62a41 2008.1/i586/mount-cifs-3.0.37-0.1mdv2008.1.i586.rpm
7a4a8d4577893ef1a0b410d1d2a1420e 2008.1/i586/nss_wins-3.0.37-0.1mdv2008.1.i586.rpm
236a200f0fea567b71b2fc6b2ab76d01 2008.1/i586/samba-client-3.0.37-0.1mdv2008.1.i586.rpm
1ab41b7a86e1100ebfc0f8a3f3c7585a 2008.1/i586/samba-common-3.0.37-0.1mdv2008.1.i586.rpm
e26405b50094478abf9c8e6f0cecb4d1 2008.1/i586/samba-doc-3.0.37-0.1mdv2008.1.i586.rpm
92c5ee7aa8a23df6f8e63e721d6cd1eb 2008.1/i586/samba-server-3.0.37-0.1mdv2008.1.i586.rpm
4192000a9c943240cc49285172a4365a 2008.1/i586/samba-swat-3.0.37-0.1mdv2008.1.i586.rpm
4979847252345d54d1ca4d57f2eab2f7 2008.1/i586/samba-vscan-icap-3.0.37-0.1mdv2008.1.i586.rpm
47272746a7af49923bd4f7599905a533 2008.1/i586/samba-winbind-3.0.37-0.1mdv2008.1.i586.rpm
814b5cbb37717cfb25d86de35231c436 2008.1/SRPMS/samba-3.0.37-0.1mdv2008.1.src.rpm
Mandriva Linux 2008.1/X86_64:
ced0d1b4aebfc1dcf3640e2d0eb22668 2008.1/x86_64/lib64smbclient0-3.0.37-0.1mdv2008.1.x86_64.rpm
9d4efa92699f9cfa9cb67cbfc8e0bf80 2008.1/x86_64/lib64smbclient0-devel-3.0.37-0.1mdv2008.1.x86_64.rpm
b951dd85f7b5520615a8bfa9efa94e15 2008.1/x86_64/lib64smbclient0-static-devel-3.0.37-0.1mdv2008.1.x86_64.rpm
c989e22b38dd6190655a6a147d9b4320 2008.1/x86_64/mount-cifs-3.0.37-0.1mdv2008.1.x86_64.rpm
1c5d88beecca4b39e814c865f67d67f1 2008.1/x86_64/nss_wins-3.0.37-0.1mdv2008.1.x86_64.rpm
c4c16d39b64ab8a63f9a04af29984cf3 2008.1/x86_64/samba-client-3.0.37-0.1mdv2008.1.x86_64.rpm
1afe4d19ed5ad2409c03399dd23bde51 2008.1/x86_64/samba-common-3.0.37-0.1mdv2008.1.x86_64.rpm
9913781e24af986bbdace14171361726 2008.1/x86_64/samba-doc-3.0.37-0.1mdv2008.1.x86_64.rpm
ebe658ed48038b5cce733c78775e2948 2008.1/x86_64/samba-server-3.0.37-0.1mdv2008.1.x86_64.rpm
9db457d2ec2e6694eedc71e65686e075 2008.1/x86_64/samba-swat-3.0.37-0.1mdv2008.1.x86_64.rpm
c53a88fc82dd5a7ddc4c33c606a50ce6 2008.1/x86_64/samba-vscan-icap-3.0.37-0.1mdv2008.1.x86_64.rpm
f6419abf5f60d68a7f5255a24493ca94 2008.1/x86_64/samba-winbind-3.0.37-0.1mdv2008.1.x86_64.rpm
814b5cbb37717cfb25d86de35231c436 2008.1/SRPMS/samba-3.0.37-0.1mdv2008.1.src.rpm
Mandriva Linux 2009.0:
efb050a33295b9425e3ca8fb9ec05fef 2009.0/i586/libnetapi0-3.2.15-0.1mdv2009.0.i586.rpm
846e3afd2bab276430d7cde4fdf03c0e 2009.0/i586/libnetapi-devel-3.2.15-0.1mdv2009.0.i586.rpm
b852a65671ff7559ead332fd72bb5c94 2009.0/i586/libsmbclient0-3.2.15-0.1mdv2009.0.i586.rpm
21c04220c90da910f918e302e52666d9 2009.0/i586/libsmbclient0-devel-3.2.15-0.1mdv2009.0.i586.rpm
1e3c49a52489d2acd356cccd04cd56eb 2009.0/i586/libsmbclient0-static-devel-3.2.15-0.1mdv2009.0.i586.rpm
922b7d1fc60659c443a22a5cf9141ea4 2009.0/i586/libsmbsharemodes0-3.2.15-0.1mdv2009.0.i586.rpm
a5f28ffcefbc37adfd5004336a2fe6a0 2009.0/i586/libsmbsharemodes-devel-3.2.15-0.1mdv2009.0.i586.rpm
3a2666105db13504afec89f7dd6a67d0 2009.0/i586/libtalloc1-3.2.15-0.1mdv2009.0.i586.rpm
ab99aadd26276c8bbc96da52fcd3fb46 2009.0/i586/libtalloc-devel-3.2.15-0.1mdv2009.0.i586.rpm
c2bcd60467dc197621a4a8b578ab8d2f 2009.0/i586/libtdb1-3.2.15-0.1mdv2009.0.i586.rpm
e47ba9b65282116a881cd8a1d0f5752d 2009.0/i586/libtdb-devel-3.2.15-0.1mdv2009.0.i586.rpm
819c8b8e12043dff6f85f266e1092cf9 2009.0/i586/libwbclient0-3.2.15-0.1mdv2009.0.i586.rpm
e21c0cf32e7b3ac82621c4cf20eb8ffc 2009.0/i586/libwbclient-devel-3.2.15-0.1mdv2009.0.i586.rpm
ecd74601bbe8661a4424cbf9a24fd9dc 2009.0/i586/mount-cifs-3.2.15-0.1mdv2009.0.i586.rpm
656b6e76ea691407eb02eec624d2111e 2009.0/i586/nss_wins-3.2.15-0.1mdv2009.0.i586.rpm
d80dd9a24fcdaf2a96e481a38e68713b 2009.0/i586/samba-client-3.2.15-0.1mdv2009.0.i586.rpm
d9065426a3838bd6666db3411392de4a 2009.0/i586/samba-common-3.2.15-0.1mdv2009.0.i586.rpm
7513c3208fab5355ad869e2630861d31 2009.0/i586/samba-doc-3.2.15-0.1mdv2009.0.i586.rpm
e208d566b753481fb9615f5f1f5c37be 2009.0/i586/samba-server-3.2.15-0.1mdv2009.0.i586.rpm
31658503f04a3a153b4d65fe62e7f9a5 2009.0/i586/samba-swat-3.2.15-0.1mdv2009.0.i586.rpm
764c09b5bbddf403e41024db390ce4f8 2009.0/i586/samba-winbind-3.2.15-0.1mdv2009.0.i586.rpm
92f632db2a533f9ffbcbcbe260d2bedc 2009.0/SRPMS/samba-3.2.15-0.1mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64:
ff6635036aaeadf00de68e48ad77c7a4 2009.0/x86_64/lib64netapi0-3.2.15-0.1mdv2009.0.x86_64.rpm
93dbe82080fcc4f3332b4aa90c2ac9b2 2009.0/x86_64/lib64netapi-devel-3.2.15-0.1mdv2009.0.x86_64.rpm
39b9c79e40c41d62c7ca7440fa097039 2009.0/x86_64/lib64smbclient0-3.2.15-0.1mdv2009.0.x86_64.rpm
4cac1729ea43ca02f485e071c5ff0681 2009.0/x86_64/lib64smbclient0-devel-3.2.15-0.1mdv2009.0.x86_64.rpm
d0e8589df5efbcf9fcc2f6192af3cb6d 2009.0/x86_64/lib64smbclient0-static-devel-3.2.15-0.1mdv2009.0.x86_64.rpm
9156de31384ce156d30d4e9535634e59 2009.0/x86_64/lib64smbsharemodes0-3.2.15-0.1mdv2009.0.x86_64.rpm
ce72a170e7af1edc4cdc9121d868999f 2009.0/x86_64/lib64smbsharemodes-devel-3.2.15-0.1mdv2009.0.x86_64.rpm
a97a5555b1e937f706d500386f90a030 2009.0/x86_64/lib64talloc1-3.2.15-0.1mdv2009.0.x86_64.rpm
431e616754fff2e16a951ea51939e42b 2009.0/x86_64/lib64talloc-devel-3.2.15-0.1mdv2009.0.x86_64.rpm
51c7e0bc2006bceb6149804e18db9335 2009.0/x86_64/lib64tdb1-3.2.15-0.1mdv2009.0.x86_64.rpm
353b8080b16182401577c206d05cd9fb 2009.0/x86_64/lib64tdb-devel-3.2.15-0.1mdv2009.0.x86_64.rpm
301ba572774619cf6b6f6d21c1b22dd8 2009.0/x86_64/lib64wbclient0-3.2.15-0.1mdv2009.0.x86_64.rpm
3003a8b8a48b25bb13e309ba059f54af 2009.0/x86_64/lib64wbclient-devel-3.2.15-0.1mdv2009.0.x86_64.rpm
c3c0d95f1da6710dfe86c28b1b977b86 2009.0/x86_64/mount-cifs-3.2.15-0.1mdv2009.0.x86_64.rpm
95ffa0c8fc90b800a012cdfe458fd2f1 2009.0/x86_64/nss_wins-3.2.15-0.1mdv2009.0.x86_64.rpm
fbe98a877504a9512dc40335b52fe8f9 2009.0/x86_64/samba-client-3.2.15-0.1mdv2009.0.x86_64.rpm
dc8e880521d644a9d1db998c5cb65204 2009.0/x86_64/samba-common-3.2.15-0.1mdv2009.0.x86_64.rpm
66bf7a44a5b4d1c4fc66bf2cca34c40c 2009.0/x86_64/samba-doc-3.2.15-0.1mdv2009.0.x86_64.rpm
e69179920eb13e9c4b6b77c9dd23c09b 2009.0/x86_64/samba-server-3.2.15-0.1mdv2009.0.x86_64.rpm
f160eb1bb56f3fcf09c3c7d144dadc05 2009.0/x86_64/samba-swat-3.2.15-0.1mdv2009.0.x86_64.rpm
c25b1e8ebb3ae619e50114d7161221bc 2009.0/x86_64/samba-winbind-3.2.15-0.1mdv2009.0.x86_64.rpm
92f632db2a533f9ffbcbcbe260d2bedc 2009.0/SRPMS/samba-3.2.15-0.1mdv2009.0.src.rpm
Mandriva Linux 2009.1:
16d55726ae18c141c64559bf33155d0e 2009.1/i586/libnetapi0-3.3.8-0.1mdv2009.1.i586.rpm
677c6a78ca9087546767cd152f090b96 2009.1/i586/libnetapi-devel-3.3.8-0.1mdv2009.1.i586.rpm
59ff6473e2f4d60a96edbf00d120170d 2009.1/i586/libsmbclient0-3.3.8-0.1mdv2009.1.i586.rpm
4a9e3207ab02fde3b94c744fbc54761a 2009.1/i586/libsmbclient0-devel-3.3.8-0.1mdv2009.1.i586.rpm
f8727f9a406380bf3cc63872029dd32d 2009.1/i586/libsmbclient0-static-devel-3.3.8-0.1mdv2009.1.i586.rpm
a7a70efa02ad348fedeb44a640112e14 2009.1/i586/libsmbsharemodes0-3.3.8-0.1mdv2009.1.i586.rpm
44d95965a29b1c6b67e25d804bc12516 2009.1/i586/libsmbsharemodes-devel-3.3.8-0.1mdv2009.1.i586.rpm
81878c3eaa03b9a83478189fec6f7055 2009.1/i586/libwbclient0-3.3.8-0.1mdv2009.1.i586.rpm
ba295f2fb6115acf4018077d7a927437 2009.1/i586/libwbclient-devel-3.3.8-0.1mdv2009.1.i586.rpm
9234fc94eac761caa56944841539a8a5 2009.1/i586/mount-cifs-3.3.8-0.1mdv2009.1.i586.rpm
8214ceee6fb0874c5c2e89cc247fbd28 2009.1/i586/nss_wins-3.3.8-0.1mdv2009.1.i586.rpm
2c00ad654c8f2b5babd0050486c06182 2009.1/i586/samba-client-3.3.8-0.1mdv2009.1.i586.rpm
9cf733e60cc0f87b5d328a57169ff4a0 2009.1/i586/samba-common-3.3.8-0.1mdv2009.1.i586.rpm
dc3b4a5b52d67377a71b2bb1c332e755 2009.1/i586/samba-doc-3.3.8-0.1mdv2009.1.i586.rpm
7481e9496d4187f29b1c8d174f34abbb 2009.1/i586/samba-server-3.3.8-0.1mdv2009.1.i586.rpm
235c1eb352b8cdd857b4c30653fa3731 2009.1/i586/samba-swat-3.3.8-0.1mdv2009.1.i586.rpm
2e25863f3fea545174b2528273fc39b1 2009.1/i586/samba-winbind-3.3.8-0.1mdv2009.1.i586.rpm
c07466ff2422da51dc1500758b3bdf2e 2009.1/SRPMS/samba-3.3.8-0.1mdv2009.1.src.rpm
Mandriva Linux 2009.1/X86_64:
2585e0e6504670b25acd056e96a1666a 2009.1/x86_64/lib64netapi0-3.3.8-0.1mdv2009.1.x86_64.rpm
d5667734e27c7c9e1f1ce543d0a69bcf 2009.1/x86_64/lib64netapi-devel-3.3.8-0.1mdv2009.1.x86_64.rpm
1cae57e6142b5f9852964f57c2448417 2009.1/x86_64/lib64smbclient0-3.3.8-0.1mdv2009.1.x86_64.rpm
aec3399d0094ac2d2a8df6c04cc8cd80 2009.1/x86_64/lib64smbclient0-devel-3.3.8-0.1mdv2009.1.x86_64.rpm
0101adb5e56ea9239d01a6b95265df8e 2009.1/x86_64/lib64smbclient0-static-devel-3.3.8-0.1mdv2009.1.x86_64.rpm
221ab5e516926ef22e29de68a5fbb401 2009.1/x86_64/lib64smbsharemodes0-3.3.8-0.1mdv2009.1.x86_64.rpm
5093da6bf343f563cbba01adba788238 2009.1/x86_64/lib64smbsharemodes-devel-3.3.8-0.1mdv2009.1.x86_64.rpm
0727b03fc3e8facdf6171bbdbbc0b254 2009.1/x86_64/lib64wbclient0-3.3.8-0.1mdv2009.1.x86_64.rpm
3b64cde8fb59b5cc5301653f24b02298 2009.1/x86_64/lib64wbclient-devel-3.3.8-0.1mdv2009.1.x86_64.rpm
40b2c4c0458d02e9ec09c1f665650074 2009.1/x86_64/mount-cifs-3.3.8-0.1mdv2009.1.x86_64.rpm
0a070ac11d73d7c5005516868c8acb0f 2009.1/x86_64/nss_wins-3.3.8-0.1mdv2009.1.x86_64.rpm
8ce7fda815396961bc091a8de6d5aaca 2009.1/x86_64/samba-client-3.3.8-0.1mdv2009.1.x86_64.rpm
074e2419563fcc09941edb756786aafd 2009.1/x86_64/samba-common-3.3.8-0.1mdv2009.1.x86_64.rpm
35a4b8335e400d6817903a781ce60fae 2009.1/x86_64/samba-doc-3.3.8-0.1mdv2009.1.x86_64.rpm
91ed9e1f370de8ccafd97a4b6274af75 2009.1/x86_64/samba-server-3.3.8-0.1mdv2009.1.x86_64.rpm
0f3b675161add2e6e39bf7bcd8d0efc4 2009.1/x86_64/samba-swat-3.3.8-0.1mdv2009.1.x86_64.rpm
6303fb16df9f940a83574aa02c15ecd8 2009.1/x86_64/samba-winbind-3.3.8-0.1mdv2009.1.x86_64.rpm
c07466ff2422da51dc1500758b3bdf2e 2009.1/SRPMS/samba-3.3.8-0.1mdv2009.1.src.rpm
Corporate 3.0:
24c5b1096fdea3139d16d4920e4f3d5e corporate/3.0/i586/libsmbclient0-3.0.14a-6.11.C30mdk.i586.rpm
d9367df65666dc8f1cacbab3cd94759a corporate/3.0/i586/libsmbclient0-devel-3.0.14a-6.11.C30mdk.i586.rpm
fac9eec996c5da54e13cc1a3272008aa corporate/3.0/i586/libsmbclient0-static-devel-3.0.14a-6.11.C30mdk.i586.rpm
18c14b2785aaa0fedcf7e75641359162 corporate/3.0/i586/mount-cifs-3.0.14a-6.11.C30mdk.i586.rpm
ebd4e835fbe370ee891fca93b077e607 corporate/3.0/i586/nss_wins-3.0.14a-6.11.C30mdk.i586.rpm
3546cab569f983f83f5897af3660d02f corporate/3.0/i586/samba-client-3.0.14a-6.11.C30mdk.i586.rpm
928a14eb92d7298d2a17f0298ffa1724 corporate/3.0/i586/samba-common-3.0.14a-6.11.C30mdk.i586.rpm
463337aab33d8c41aacd091c0c3e43fc corporate/3.0/i586/samba-doc-3.0.14a-6.11.C30mdk.i586.rpm
8e8349ce95d2bfbd341779369b5025ea corporate/3.0/i586/samba-passdb-xml-3.0.14a-6.11.C30mdk.i586.rpm
5ec36e5ef8cb394357fc53c8da336c7e corporate/3.0/i586/samba-server-3.0.14a-6.11.C30mdk.i586.rpm
7028fabe6d04ce0fa301c64e4fdd917e corporate/3.0/i586/samba-smbldap-tools-3.0.14a-6.11.C30mdk.i586.rpm
1e122a5d446705da97c138a82bc3a172 corporate/3.0/i586/samba-swat-3.0.14a-6.11.C30mdk.i586.rpm
459c55822bf11d8c502026b4ab284fb0 corporate/3.0/i586/samba-vscan-antivir-3.0.14a-6.11.C30mdk.i586.rpm
7db0ce83564250560ffb82a5ec10621c corporate/3.0/i586/samba-vscan-clamav-3.0.14a-6.11.C30mdk.i586.rpm
179ba9e3360c9e75700332aa19994e62 corporate/3.0/i586/samba-vscan-icap-3.0.14a-6.11.C30mdk.i586.rpm
eb52755bb9a984a2fd93318400a99e3a corporate/3.0/i586/samba-winbind-3.0.14a-6.11.C30mdk.i586.rpm
e7d6547c08d05538ead2b1f583d72879 corporate/3.0/SRPMS/samba-3.0.14a-6.11.C30mdk.src.rpm
Corporate 3.0/X86_64:
25efb0f8851063dd4f85ce5efe366745 corporate/3.0/x86_64/lib64smbclient0-3.0.14a-6.11.C30mdk.x86_64.rpm
7bbcd06e7c3f79219aa1078a0cacbc97 corporate/3.0/x86_64/lib64smbclient0-devel-3.0.14a-6.11.C30mdk.x86_64.rpm
f7be50563342779491e1338d8f4386db corporate/3.0/x86_64/lib64smbclient0-static-devel-3.0.14a-6.11.C30mdk.x86_64.rpm
838ef7ea583cb95cc863c8cf1425a3c1 corporate/3.0/x86_64/mount-cifs-3.0.14a-6.11.C30mdk.x86_64.rpm
d30ce3c9fc8dc04a44856b8de5475d2a corporate/3.0/x86_64/nss_wins-3.0.14a-6.11.C30mdk.x86_64.rpm
e678babbca3ead8a8776c21e836bd1f6 corporate/3.0/x86_64/samba-client-3.0.14a-6.11.C30mdk.x86_64.rpm
53de1c937fe96963251d43aa7135c936 corporate/3.0/x86_64/samba-common-3.0.14a-6.11.C30mdk.x86_64.rpm
b378c72cd5da2e8744fc18f948ba2296 corporate/3.0/x86_64/samba-doc-3.0.14a-6.11.C30mdk.x86_64.rpm
bb8bf3b0569c252d9d0d9192ae879b6d corporate/3.0/x86_64/samba-passdb-xml-3.0.14a-6.11.C30mdk.x86_64.rpm
35139f2f5c4a6e244570913e5069efe2 corporate/3.0/x86_64/samba-server-3.0.14a-6.11.C30mdk.x86_64.rpm
4171ce3978bbfd54a3f8ea2215cd997c corporate/3.0/x86_64/samba-smbldap-tools-3.0.14a-6.11.C30mdk.x86_64.rpm
5187188c8a9e7de056274a32b87c80da corporate/3.0/x86_64/samba-swat-3.0.14a-6.11.C30mdk.x86_64.rpm
8ede5f2d1cd5a62cdabeaf50846b917a corporate/3.0/x86_64/samba-vscan-antivir-3.0.14a-6.11.C30mdk.x86_64.rpm
ba36875f98009a110ed3a866a163baf9 corporate/3.0/x86_64/samba-vscan-clamav-3.0.14a-6.11.C30mdk.x86_64.rpm
57c81613fafbc73fdfda56b42ce8e89d corporate/3.0/x86_64/samba-vscan-icap-3.0.14a-6.11.C30mdk.x86_64.rpm
cc92aea8b3de4bd7031ad16cff1dd130 corporate/3.0/x86_64/samba-winbind-3.0.14a-6.11.C30mdk.x86_64.rpm
e7d6547c08d05538ead2b1f583d72879 corporate/3.0/SRPMS/samba-3.0.14a-6.11.C30mdk.src.rpm
Corporate 4.0:
047660a6bf073366bd9b354078311ed8 corporate/4.0/i586/libsmbclient0-3.0.37-0.1.20060mlcs4.i586.rpm
2add9cc76f133c4a88816242518c632a corporate/4.0/i586/libsmbclient0-devel-3.0.37-0.1.20060mlcs4.i586.rpm
8e724f03722eaf5bd8a7f8f483175e1c corporate/4.0/i586/libsmbclient0-static-devel-3.0.37-0.1.20060mlcs4.i586.rpm
9c416f3cf56fad431d0ac51746841ce3 corporate/4.0/i586/mount-cifs-3.0.37-0.1.20060mlcs4.i586.rpm
41e03757979dbc08a735cc07eb70a59b corporate/4.0/i586/nss_wins-3.0.37-0.1.20060mlcs4.i586.rpm
ea3291cde574a02eb3b6d9af74ffb2a8 corporate/4.0/i586/samba-client-3.0.37-0.1.20060mlcs4.i586.rpm
af7624926aa5e3b6168208047d6c4c46 corporate/4.0/i586/samba-common-3.0.37-0.1.20060mlcs4.i586.rpm
8d77caca4375145ee8d3aa942622e428 corporate/4.0/i586/samba-doc-3.0.37-0.1.20060mlcs4.i586.rpm
a40cc758d1ff0bfa623b06b601132a4f corporate/4.0/i586/samba-server-3.0.37-0.1.20060mlcs4.i586.rpm
860e1a63926f2882b2c95b61f87b6e42 corporate/4.0/i586/samba-swat-3.0.37-0.1.20060mlcs4.i586.rpm
668845748f59d8ab267077b409cf7d10 corporate/4.0/i586/samba-vscan-icap-3.0.37-0.1.20060mlcs4.i586.rpm
34826f546a50388da7532f64d7280894 corporate/4.0/i586/samba-winbind-3.0.37-0.1.20060mlcs4.i586.rpm
a47770cd28d9d2f1204bb192df70375c corporate/4.0/SRPMS/samba-3.0.37-0.1.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
77f62b3eb1efd66a7ea3ba8d84a8d43c corporate/4.0/x86_64/lib64smbclient0-3.0.37-0.1.20060mlcs4.x86_64.rpm
b7eea9e6f961648d40c0b0d6eda33019 corporate/4.0/x86_64/lib64smbclient0-devel-3.0.37-0.1.20060mlcs4.x86_64.rpm
2f8bcc3b5c02626a86d2c2d2f54b278a corporate/4.0/x86_64/lib64smbclient0-static-devel-3.0.37-0.1.20060mlcs4.x86_64.rpm
a20859389b661bc5865d95025237e668 corporate/4.0/x86_64/mount-cifs-3.0.37-0.1.20060mlcs4.x86_64.rpm
5cad07ac4c044c60b185db3de3882b27 corporate/4.0/x86_64/nss_wins-3.0.37-0.1.20060mlcs4.x86_64.rpm
82e1f61d0efdb2d2933e34947674bd9e corporate/4.0/x86_64/samba-client-3.0.37-0.1.20060mlcs4.x86_64.rpm
4fc7c9673ababbbb18eb479145796894 corporate/4.0/x86_64/samba-common-3.0.37-0.1.20060mlcs4.x86_64.rpm
e30ca5d0cc234b98d0dc8627a1bc1d05 corporate/4.0/x86_64/samba-doc-3.0.37-0.1.20060mlcs4.x86_64.rpm
bf01a661b1f653e1aa8e59cdb667bbbe corporate/4.0/x86_64/samba-server-3.0.37-0.1.20060mlcs4.x86_64.rpm
fcc1b0212eec0186a8c9a0ad41af6ad7 corporate/4.0/x86_64/samba-swat-3.0.37-0.1.20060mlcs4.x86_64.rpm
da660519148e16f2c0cb9d21db2cb67a corporate/4.0/x86_64/samba-vscan-icap-3.0.37-0.1.20060mlcs4.x86_64.rpm
8bd44cc57cb93d30550f04094e25191c corporate/4.0/x86_64/samba-winbind-3.0.37-0.1.20060mlcs4.x86_64.rpm
a47770cd28d9d2f1204bb192df70375c corporate/4.0/SRPMS/samba-3.0.37-0.1.20060mlcs4.src.rpm
Mandriva Enterprise Server 5:
ee5e0ba339dae934a1cb81040603d0eb mes5/i586/libnetapi0-3.2.15-0.1mdvmes5.i586.rpm
a2138a459fe213114948ecaa3c38eb0a mes5/i586/libnetapi-devel-3.2.15-0.1mdvmes5.i586.rpm
35900db03c61dc537536c469faca8892 mes5/i586/libsmbclient0-3.2.15-0.1mdvmes5.i586.rpm
fd96f9d9da799991c497c5bcbdb8eb99 mes5/i586/libsmbclient0-devel-3.2.15-0.1mdvmes5.i586.rpm
80b763083318d3691be23ebbc40d1985 mes5/i586/libsmbclient0-static-devel-3.2.15-0.1mdvmes5.i586.rpm
4ae18fa289d37dea0d2bc5dfdb2317b9 mes5/i586/libsmbsharemodes0-3.2.15-0.1mdvmes5.i586.rpm
ef80a8b52ce4b6d5330c58b3586e4481 mes5/i586/libsmbsharemodes-devel-3.2.15-0.1mdvmes5.i586.rpm
d7fdd39eeaab7a8e3e5a062661817e67 mes5/i586/libtalloc1-3.2.15-0.1mdvmes5.i586.rpm
5e60b3bd0a75e0d54138802918fe729e mes5/i586/libtalloc-devel-3.2.15-0.1mdvmes5.i586.rpm
c665f78c314702a64f08ae8f54552b9a mes5/i586/libtdb1-3.2.15-0.1mdvmes5.i586.rpm
706e6b795143f8c66a94525251354f4e mes5/i586/libtdb-devel-3.2.15-0.1mdvmes5.i586.rpm
3cc7fb704a4c2629ab22211c506b4e84 mes5/i586/libwbclient0-3.2.15-0.1mdvmes5.i586.rpm
5fb302fe81d2545189bb9d09c43a5121 mes5/i586/libwbclient-devel-3.2.15-0.1mdvmes5.i586.rpm
ed17b8a6a8a5fe2e346a694a8f2d7d09 mes5/i586/mount-cifs-3.2.15-0.1mdvmes5.i586.rpm
7bf8865e9f5c2ca25727e223dff8255a mes5/i586/nss_wins-3.2.15-0.1mdvmes5.i586.rpm
8ee63ef26bf846b4678c2cb1014b8d74 mes5/i586/samba-client-3.2.15-0.1mdvmes5.i586.rpm
f070d6b6c9575e19143e6821c6e001ff mes5/i586/samba-common-3.2.15-0.1mdvmes5.i586.rpm
c320a8446ebc80e48f8f2a4b633a484b mes5/i586/samba-doc-3.2.15-0.1mdvmes5.i586.rpm
8e1bfda1593920a80c0eae11ccb3dbd1 mes5/i586/samba-server-3.2.15-0.1mdvmes5.i586.rpm
01fb4c1c14c04e4752725de9a0bc0eac mes5/i586/samba-swat-3.2.15-0.1mdvmes5.i586.rpm
65ce6c6c1dfa009bcc43315a5ec4ccf3 mes5/i586/samba-winbind-3.2.15-0.1mdvmes5.i586.rpm
03855a2e42003a125af121eb9738ebd5 mes5/SRPMS/samba-3.2.15-0.1mdvmes5.src.rpm
Mandriva Enterprise Server 5/X86_64:
ad357d021aaea783c3a9582e36e5e6bd mes5/x86_64/lib64netapi0-3.2.15-0.1mdvmes5.x86_64.rpm
6913e5c18f96b3f54bbe9b93e6edb8d6 mes5/x86_64/lib64netapi-devel-3.2.15-0.1mdvmes5.x86_64.rpm
86fc5c1e35809123367b7ae28ba03eb9 mes5/x86_64/lib64smbclient0-3.2.15-0.1mdvmes5.x86_64.rpm
0b4c0a7481de6b52ea593a9f5e9b584b mes5/x86_64/lib64smbclient0-devel-3.2.15-0.1mdvmes5.x86_64.rpm
007c85e7b30e817ea0ff3298318ba10b mes5/x86_64/lib64smbclient0-static-devel-3.2.15-0.1mdvmes5.x86_64.rpm
66034bc8194eb1dd4543e719c175f09a mes5/x86_64/lib64smbsharemodes0-3.2.15-0.1mdvmes5.x86_64.rpm
7f6fee0d5d832dd4034bb4b75ac37067 mes5/x86_64/lib64smbsharemodes-devel-3.2.15-0.1mdvmes5.x86_64.rpm
eca90c14a1d4bde2f644c2d1fd6ef3c6 mes5/x86_64/lib64talloc1-3.2.15-0.1mdvmes5.x86_64.rpm
9976c09999010e7941bbe0dc1fe6ca5f mes5/x86_64/lib64talloc-devel-3.2.15-0.1mdvmes5.x86_64.rpm
aab081f61e82ddf3f632790f27cb5ce7 mes5/x86_64/lib64tdb1-3.2.15-0.1mdvmes5.x86_64.rpm
7e09992d972229bb7a6ebd82652c8901 mes5/x86_64/lib64tdb-devel-3.2.15-0.1mdvmes5.x86_64.rpm
4eac64f49ac6a1de779880dd5cb35ac2 mes5/x86_64/lib64wbclient0-3.2.15-0.1mdvmes5.x86_64.rpm
97bc3355ba4fb14cf7fdcf3de573a756 mes5/x86_64/lib64wbclient-devel-3.2.15-0.1mdvmes5.x86_64.rpm
58e2bad7d693718fa7b2325c9a3ffe7d mes5/x86_64/mount-cifs-3.2.15-0.1mdvmes5.x86_64.rpm
5f5705776b2d82f177e9bacc65871f54 mes5/x86_64/nss_wins-3.2.15-0.1mdvmes5.x86_64.rpm
77fceb32cdfe7d51c18af0cff52e04c6 mes5/x86_64/samba-client-3.2.15-0.1mdvmes5.x86_64.rpm
c2bb12c0752dbed3294b4c0c5916e8c0 mes5/x86_64/samba-common-3.2.15-0.1mdvmes5.x86_64.rpm
53356120576a52daa576305583312f42 mes5/x86_64/samba-doc-3.2.15-0.1mdvmes5.x86_64.rpm
8c3ea40fa44b17279b3ac6143696833d mes5/x86_64/samba-server-3.2.15-0.1mdvmes5.x86_64.rpm
642a8cb6ec8f6c8324b16afe7e65359b mes5/x86_64/samba-swat-3.2.15-0.1mdvmes5.x86_64.rpm
b75993170697d32dec52afecc79c991f mes5/x86_64/samba-winbind-3.2.15-0.1mdvmes5.x86_64.rpm
03855a2e42003a125af121eb9738ebd5 mes5/SRPMS/samba-3.2.15-0.1mdvmes5.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFK1bXKmqjQ0CJFipgRAnbTAKDYpf2++bD/H+jbl61t8P9IXw2GuACguZoT
zmZwuB3govO6Ux2stXPDUps=
=KymD
-----END PGP SIGNATURE-----
| VAR-200909-0576 | CVE-2009-2629 | Nginx ngx_http_parse_complex_uri() buffer underflow vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests. Nginx A web server contains a buffer underrun vulnerability. Nginx Is offered for various platforms HTTP Server and mail proxy server. Nginx Is ngx_http_parse_complex_uri() There was a problem with the function and it was crafted URI A buffer underrun may occur when processing.nginx Consists of a privileged master process and an unprivileged worker process. Arbitrary code execution or denial of service by a remote third party with the authority of a worker process (DoS) There is a possibility of being attacked. The 'nginx' program is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. Failed exploit attempts will result in a denial-of-service condition.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-servers/nginx < 0.7.62 *>= 0.5.38
*>= 0.6.39
>= 0.7.62
Description
===========
Chris Ries reported a heap-based buffer underflow in the
ngx_http_parse_complex_uri() function in http/ngx_http_parse.c when
parsing the request URI. NOTE: By default, nginx runs as the "nginx" user.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All nginx 0.5.x users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose =www-servers/nginx-0.5.38
All nginx 0.6.x users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose =www-servers/nginx-0.6.39
All nginx 0.7.x users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose =www-servers/nginx-0.7.62
References
==========
[ 1 ] CVE-2009-2629
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2629
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200909-18.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
Debian Security Advisory DSA-1884-1 security@debian.org
http://www.debian.org/security/ Nico Golde
September 14th, 2009 http://www.debian.org/security/faq
- --------------------------------------------------------------------------
Package : nginx
Vulnerability : buffer underflow
Problem type : remote
Debian-specific: no
CVE ID : CVE-2009-2629
Chris Ries discovered that nginx, a high-performance HTTP server, reverse
proxy and IMAP/POP3 proxy server, is vulnerable to a buffer underflow when
processing certain HTTP requests.
For the oldstable distribution (etch), this problem has been fixed in
version 0.4.13-2+etch2.
For the stable distribution (lenny), this problem has been fixed in
version 0.6.32-3+lenny2.
For the testing distribution (squeeze), this problem will be fixed soon.
For the unstable distribution (sid), this problem has been fixed in
version 0.7.61-3.
We recommend that you upgrade your nginx packages.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
- -------------------------------
Debian (oldstable)
- ------------------
Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13.orig.tar.gz
Size/MD5 checksum: 436610 d385a1e7a23020d421531818d5606b5b
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2.diff.gz
Size/MD5 checksum: 6578 db07ea3610574b7561cbedef09a51bf2
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2.dsc
Size/MD5 checksum: 618 12706d3c92e0c225dd47367aae43115e
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_alpha.deb
Size/MD5 checksum: 211310 5e7efe11eca1aea2f6611cd913bf519d
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_amd64.deb
Size/MD5 checksum: 195352 3fc58e180fca1465a360f37bad3da7db
arm architecture (ARM)
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_arm.deb
Size/MD5 checksum: 187144 6e49d62ee4efa11f9b75292bcb3be1d7
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_hppa.deb
Size/MD5 checksum: 205204 7f8f76147eccbf489c900831782806c0
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_i386.deb
Size/MD5 checksum: 184912 7dc5e3672666d1b5666f6ce79f4c755b
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_ia64.deb
Size/MD5 checksum: 278490 669e8d9e43a123367c429ca34927e22a
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_mips.deb
Size/MD5 checksum: 208238 2e6f25c4bc053d1bb1ac82bec398624d
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_mipsel.deb
Size/MD5 checksum: 207640 e6b0e0e8148d1786274cf9a4b7f9d060
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_powerpc.deb
Size/MD5 checksum: 186542 5b1460ab8707b1ccb3cf0b75c8ea2548
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_s390.deb
Size/MD5 checksum: 199720 8ecde48c393df02819c45bc966f73eae
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_sparc.deb
Size/MD5 checksum: 185032 15212749985501b223af7888447fc433
Debian GNU/Linux 5.0 alias lenny
- --------------------------------
Debian (stable)
- ---------------
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2.dsc
Size/MD5 checksum: 1238 41197ff9eca3cb3707ca5eff5e431183
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2.diff.gz
Size/MD5 checksum: 10720 b2c8f555b7de4ac17b2c98247fd2ae6b
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32.orig.tar.gz
Size/MD5 checksum: 522183 c09a2ace3c91f45dabbb608b11e48ed1
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_alpha.deb
Size/MD5 checksum: 297782 dc05cbf94712134298acdedad2a4e85d
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_amd64.deb
Size/MD5 checksum: 268518 58dc10022dd7b20ff58a4b839be62a43
arm architecture (ARM)
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_arm.deb
Size/MD5 checksum: 251688 7f5a9499de8ba40ae2caea7de183b966
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_hppa.deb
Size/MD5 checksum: 282324 f0264b98d0564f51692292c0ec269a19
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_i386.deb
Size/MD5 checksum: 253060 a64340fa3a9a5b58e23267f13abfeeed
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_ia64.deb
Size/MD5 checksum: 420004 a2e6de141194e41a60893b0b2c457f28
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_mips.deb
Size/MD5 checksum: 283220 04407318230621467ea3a42bfb11d724
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_mipsel.deb
Size/MD5 checksum: 283444 0bd0eb1e415d7d6877a95e21ddb91fa7
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_powerpc.deb
Size/MD5 checksum: 276056 fae6451ab5ac767f93d3229a9e01f3bf
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_sparc.deb
Size/MD5 checksum: 256778 df6a47fe174736468910a4166fe0a064
These files will probably be moved into the stable distribution on
its next update.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkquZwIACgkQHYflSXNkfP+2zACghwt2Hx3UoREEb7p697sYiPSl
pZQAn1WWgFTERwdFo5uw5KuZ7hN09KuH
=Xrul
-----END PGP SIGNATURE-----
| VAR-200909-0306 | CVE-2009-2201 | Apple Xsan Admin Error Message Information Disclosure Vulnerability |
CVSS V2: 2.1 CVSS V3: - Severity: LOW |
The screensharing feature in the Admin application in Apple Xsan before 2.2 places a cleartext username and password in a URL within an error dialog, which allows physically proximate attackers to obtain credentials by reading this dialog. Apple Xsan is prone to an information-disclosure vulnerability affecting the Xsan Admin component.
Successful exploits may allow attackers with physical access to an affected computer to obtain password data. Information harvested may aid in launching further attacks.
Versions prior to Xsan 2.2 are vulnerable. Xsan is an enterprise-class storage network solution, and Xsan Admin is an application for simplifying SAN management. ----------------------------------------------------------------------
Do you have VARM strategy implemented?
(Vulnerability Assessment Remediation Management)
If not, then implement it through the most reliable vulnerability
intelligence source on the market.
Implement it through Secunia.
For more information visit:
http://secunia.com/advisories/business_solutions/
Alternatively request a call from a Secunia representative today to
discuss how we can help you with our capabilities contact us at:
sales@secunia.com
----------------------------------------------------------------------
TITLE:
Apple Xsan Admin Connection URL Username/Password Disclosure
SECUNIA ADVISORY ID:
SA36673
VERIFY ADVISORY:
http://secunia.com/advisories/36673/
DESCRIPTION:
A security issue has been reported in Xsan, which may disclose
sensitive information to malicious people with physical access to a
system. Any person able to see the
user's display could gain knowledge of this information.
SOLUTION:
Update to version 2.2.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits Ben Greisler, Kadimac Corp Macintosh Integrators.
ORIGINAL ADVISORY:
http://support.apple.com/kb/HT3797
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200909-0206 | CVE-2009-3271 | iPhone OS Run on Apple Safari Service disruption in ( Application crash ) Vulnerabilities |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Apple Safari on iPhone OS 3.0.1 allows remote attackers to cause a denial of service (application crash) via a long tel: URL in the SRC attribute of an IFRAME element. The Safari browser on the Apple iPhone is prone to a denial-of-service vulnerability.
Successfully exploiting this issue may allow attackers to crash the application.
This issue affects Apple iPhone 3.0.1; other versions may be vulnerable as well. iPhone is a smartphone released by Apple
| VAR-200909-0179 | CVE-2009-3322 | Siemens Gigaset SE361 WLAN Service disruption in routers (DoS) Vulnerabilities |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
The Siemens Gigaset SE361 WLAN router allows remote attackers to cause a denial of service (device reboot) via a flood of crafted TCP packets to port 1723. Siemens Gigaset SE361 WLAN is prone to a denial-of-service vulnerability.
Successful exploits will cause an affected device to crash and reboot, denying service to legitimate users.
This issue affects firmware 1.00.2 and prior versions. Gigaset SE361 WLAN is a small wireless router. ----------------------------------------------------------------------
Do you have VARM strategy implemented?
(Vulnerability Assessment Remediation Management)
If not, then implement it through the most reliable vulnerability
intelligence source on the market.
Implement it through Secunia.
For more information visit:
http://secunia.com/advisories/business_solutions/
Alternatively request a call from a Secunia representative today to
discuss how we can help you with our capabilities contact us at:
sales@secunia.com
----------------------------------------------------------------------
TITLE:
Gigaset SE361 WLAN Denial of Service Vulnerability
SECUNIA ADVISORY ID:
SA36697
VERIFY ADVISORY:
http://secunia.com/advisories/36697/
DESCRIPTION:
crashbrz has reported a vulnerability in Gigaset SE361 WLAN, which
can be exploited by malicious people to cause a DoS (Denial of
Service).
SOLUTION:
Restrict local network access to trusted users only.
PROVIDED AND/OR DISCOVERED BY:
crashbrz
ORIGINAL ADVISORY:
http://milw0rm.com/exploits/9646
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200909-0580 | No CVE | Siemens Gigaset SE361 WLAN TCP Packet Denial of Service Vulnerability |
CVSS V2: - CVSS V3: - Severity: - |
Gigaset SE361 WLAN is a small wireless router.
A remote attacker can cause the device to restart by sending a large number of TCP packets to Gigaset SE361 WLAN port 1723.
| VAR-200909-0760 | CVE-2009-2804 | Apple Mac OS of ColorSync Vulnerable to arbitrary code execution |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Integer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5.8, and Safari before 4.0.4 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ColorSync profile embedded in an image, leading to a heap-based buffer overflow. Apple Mac OS X is prone to a heap-based buffer-overflow vulnerability that affects the ColorSync component.
Successfully exploiting this issue may allow attackers to execute arbitrary code within the context of the application. Failed exploit attempts will likely result in a denial-of-service condition.
The following versions are affected:
Mac OS X 10.4.11 and prior
Mac OS X Server 10.4.11 and prior
Mac OS X 10.5.8 and prior
Mac OS X Server 10.5.8 and prior
NOTE: This issue was previously covered in BID 36349 (Apple Mac OS X 2009-005 Multiple Security Vulnerabilities), but has been assigned its own record to better document it. Integer overflow vulnerabilities exist in Mac OS X and Safari systems running on Windows platforms.
For more information see vulnerability #4 in:
SA36701
2) An error exists when handling an "Open Image in New Tab", "Open
Image in New Window", or "Open Link in New Tab" shortcut menu action
performed on a link to a local file. This can be exploited to load a
local HTML file and disclose sensitive information by tricking a user
into performing the affected actions within a specially crafted
webpage.
3) An error exists in WebKit when sending "preflight" requests
originating from a page in a different origin. This can be exploited
to facilitate cross-site request forgery attacks by injecting custom
HTTP headers.
5) An error in WebKit when handling an HTML 5 Media Element on Mac OS
X can be exploited to bypass remote image loading restrictions via
e.g. HTML-formatted emails.
NOTE: Some errors leading to crashes, caused by the included libxml2
library, have also been reported.
SOLUTION:
Update to version 4.0.4.
PROVIDED AND/OR DISCOVERED BY:
1-3, 5) Reported by the vendor. ----------------------------------------------------------------------
Do you have VARM strategy implemented?
(Vulnerability Assessment Remediation Management)
If not, then implement it through the most reliable vulnerability
intelligence source on the market.
Implement it through Secunia.
For more information visit:
http://secunia.com/advisories/business_solutions/
Alternatively request a call from a Secunia representative today to
discuss how we can help you with our capabilities contact us at:
sales@secunia.com
----------------------------------------------------------------------
TITLE:
Apple Mac OS X Security Update Fixes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA36701
VERIFY ADVISORY:
http://secunia.com/advisories/36701/
DESCRIPTION:
Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities.
1) An error in Alias Manager when processing alias files can be
exploited to cause a buffer overflow and potentially execute
arbitrary code.
2) An error in Resource Manager when processing resource forks can be
exploited to corrupt memory and potentially execute arbitrary code.
3) Multiple vulnerabilities in ClamAV can be exploited to bypass
certain security restrictions, cause a DoS, and potentially
compromise a vulnerable system.
For more information:
SA34566
SA34612
4) An integer overflow error exists when processing ColorSync
profiles embedded in images.
5) An integer overflow error exists in CoreGraphics when processing
JBIG2 streams embedded in PDF files.
6) An error in CoreGraphics can be exploited to cause a heap-based
buffer overflow potentially execute arbitrary code when drawing long
text strings.
This is related to vulnerability #1 in:
SA36269
7) A NULL-pointer dereference error in CUPS can be exploited to cause
a crash.
For more information see vulnerability #4 in:
SA34481
8) An error in the CUPS USB backend can be exploited to cause a
heap-based buffer overflow and execute arbitrary code with escalated
privileges.
9) Multiple vulnerabilities in Adobe Flash Player can be exploited by
malicious people to bypass security features, gain knowledge of
sensitive information, or compromise a user's system.
For more information:
SA35948
10) Multiple errors exist in ImageIO when processing PixarFilm
encoded TIFF images. These can be exploited to trigger memory
corruptions and potentially execute arbitrary code via specially
crafted TIFF files.
11) An error exists in Launch Services when handling files having a
".fileloc" extension.
12) An error exists in Launch Services when handling exported
document types presented when an application is downloaded. This can
be exploited to associate a safe file extension with an unsafe
Uniform Type Identifier (UTI) and execute arbitrary code.
13) An error in MySQL can be exploited by malicious, local users to
bypass certain security restrictions.
For more information:
SA30134
14) Multiple vulnerabilities in PHP have an unknown impact or can
potentially be exploited by malicious people to disclose sensitive
information or cause a DoS (Denial of Service).
For more information:
SA34081
15) An error exists in Samba when handling error conditions. This can
be exploited by a user without a configured home directory to access
the contents of the file system by connecting to the Windows File
Sharing service.
16) Input passed in search requests containing non UTF-8 encoded data
to Wiki Server is not properly sanitised before being returned to the
user.
Security Update 2009-005 (Tiger PPC):
http://support.apple.com/downloads/DL931/en_US/SecUpd2009-005PPC.dmg
Security Update 2009-005 (Tiger Intel):
http://support.apple.com/downloads/DL932/en_US/SecUpd2009-005Intel.dmg
Security Update 2009-005 Server (Tiger Univ):
http://support.apple.com/downloads/DL933/en_US/SecUpdSrvr2009-005Univ.dmg
Security Update 2009-005 Server (Tiger PPC):
http://support.apple.com/downloads/DL934/en_US/SecUpdSrvr2009-005PPC.dmg
Mac OS X Server v10.6.1 Update:
http://support.apple.com/downloads/DL929/en_US/MacOSXServerUpd10.6.1.dmg
Security Update 2009-005 Server (Leopard):
http://support.apple.com/downloads/DL936/en_US/SecUpdSrvr2009-005.dmg
Security Update 2009-005 (Leopard):
http://support.apple.com/downloads/DL935/en_US/SecUpd2009-005.dmg
Mac OS X v10.6.1 Update:
http://support.apple.com/downloads/DL930/en_US/MacOSXUpd10.6.1.dmg
PROVIDED AND/OR DISCOVERED BY:
1, 2, 4, 8, 10-12, 16) Reported by the vendor.
5) The vendor credits Will Dormann of CERT/CC.
6) The vendor credits Will Drewry of Google.
15) The vendor credits J. David Hester of LCG Systems National
Institutes of Health.
ORIGINAL ADVISORY:
http://support.apple.com/kb/HT3864
http://support.apple.com/kb/HT3865
OTHER REFERENCES:
SA30134:
http://secunia.com/advisories/30134/
SA34081:
http://secunia.com/advisories/34081/
SA34481:
http://secunia.com/advisories/34481/
SA34566:
http://secunia.com/advisories/34566/
SA34612:
http://secunia.com/advisories/34612/
SA35948:
http://secunia.com/advisories/35948/
SA36269:
http://secunia.com/advisories/36269/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------