
UNIRAS Brief - 500/04 - Gentoo - Security Advisories: Multiple vulnerabilities in Usermin & Samba: Denial of Service vulnerabilities



 
-----BEGIN PGP SIGNED MESSAGE-----

- ----------------------------------------------------------------------------------
   UNIRAS (UK Govt CERT) Briefing Notice - 500/04 dated 14.09.04  Time: 14:11  
  UNIRAS is part of NISCC (National Infrastructure Security Co-ordination Centre)
- ---------------------------------------------------------------------------------- 
  UNIRAS material is also available from its website at www.uniras.gov.uk and
         Information about NISCC is available from www.niscc.gov.uk
- ----------------------------------------------------------------------------------

Title
=====
Gentoo Security Advisories:
Webmin, Usermin: Multiple vulnerabilities in Usermin
Samba: Denial of Service vulnerabilities

Detail
====== 
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200409-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Webmin, Usermin: Multiple vulnerabilities in Usermin
      Date: September 12, 2004
      Bugs: #63167
        ID: 200409-15

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A vulnerability in the webmail function of Usermin could be used by an 
attacker to execute shell code via a specially-crafted e-mail. A bug in 
the installation script of Webmin and Usermin also allows a local user 
to execute a symlink attack at installation time.

Background
==========

Webmin and Usermin are web-based system administration consoles. Webmin 
allows an administrator to easily configure servers and other features. 
Usermin allows users to configure their own accounts, execute commands, 
and read e-mail. The Usermin functionality, including webmail, is also 
included in Webmin.

Affected packages
=================

    -------------------------------------------------------------------
     Package            /  Vulnerable  /                    Unaffected
    -------------------------------------------------------------------
  1  app-admin/usermin       < 1.090                          >= 1.090
  2  app-admin/webmin        < 1.160                          >= 1.160
    -------------------------------------------------------------------
     2 affected packages on all of their supported architectures.
    -------------------------------------------------------------------

Description
===========

There is an input validation bug in the webmail feature of Usermin.

Additionally, the Webmin and Usermin installation scripts write to 
/tmp/.webmin without properly checking if it exists first.

Impact
======

The first vulnerability allows a remote attacker to inject arbitrary 
shell code in a specially-crafted e-mail. This could lead to remote 
code execution with the privileges of the user running Webmin or 
Usermin.

The second could allow local users who know Webmin or Usermin is going 
to be installed to cause arbitrary files to be overwritten by creating a 
symlink named /tmp/.webmin that points to some target file, 
e.g. /etc/passwd.
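
The installer-side fix for the /tmp/.webmin symlink issue described above, as an added example (not code from Webmin, Usermin or Gentoo). The function names and the sandbox layout are assumptions made for illustration; only the name ".webmin" comes from the advisory.

```shell
#!/bin/sh
# Added example: symlink-safe handling of an installer scratch path.
# Function names are hypothetical; ".webmin" is the name from the advisory.

# Pattern described in the advisory, kept for contrast: write to a fixed,
# predictable name without checking what already exists there.
unsafe_scratch() {
    base=$1
    echo "installer data" > "$base/.webmin"   # follows a pre-planted symlink
}

# Hardened variant 1: mktemp picks an unpredictable name and creates the
# directory atomically, private to the calling user. Prints the new path.
private_scratch() {
    base=$1
    mktemp -d "$base/webmin-install.XXXXXXXXXX"
}

# Hardened variant 2: when a fixed name is required, create it atomically.
# mkdir without -p fails if anything (file, directory, symlink, even a
# dangling symlink) already occupies the name, and never follows it.
fixed_scratch() {
    base=$1
    ( umask 077 && mkdir "$base/.webmin" ) 2>/dev/null || return 1
    printf '%s\n' "$base/.webmin"
}

# Constructed demo: plant a symlink inside a throwaway sandbox (never in
# /tmp itself) and report whether the hardened variant refused to use it.
demo() {
    sb=$(mktemp -d) || return 2
    echo "original" > "$sb/target"
    ln -s "$sb/target" "$sb/.webmin"
    if fixed_scratch "$sb" >/dev/null; then
        result=followed
    else
        result=refused
    fi
    rm -rf "$sb"
    printf '%s\n' "$result"
}
```

An installer that gets a failure from fixed_scratch should abort rather than remove the existing entry and retry, since a remove-then-create sequence reopens the same race.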

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Usermin users should upgrade to the latest version:

    # emerge sync

    # emerge -pv ">=app-admin/usermin-1.090"
    # emerge ">=app-admin/usermin-1.090"

All Webmin users should upgrade to the latest version:

    # emerge sync

    # emerge -pv ">=app-admin/webmin-1.160"
    # emerge ">=app-admin/webmin-1.160"

References
==========

  [ 1 ] Secunia Advisory SA12488
        http://secunia.com/advisories/12488/
  [ 2 ] Usermin Changelog
        http://www.webmin.com/uchanges.html

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo 
Security Website:

  http://security.gentoo.org/glsa/glsa-200409-15.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality 
and security of our users' machines is of utmost importance to us. Any 
security concerns should be addressed to security@xxxxxxxxxx or 
alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======

Copyright 2004 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/1.0
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

- -----END PGP SIGNATURE-----


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200409-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Samba: Denial of Service vulnerabilities
      Date: September 13, 2004
        ID: 200409-16

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Two Denial of Service vulnerabilities have been found and fixed in Samba.

Background
==========

Samba is a freely available SMB/CIFS implementation which allows seamless 
interoperability of file and print services to other SMB/CIFS clients. 
smbd and nmbd are two daemons used by the Samba server.

Affected packages
=================

    -------------------------------------------------------------------
     Package       /  Vulnerable  /                         Unaffected
    -------------------------------------------------------------------
  1  net-fs/samba       < 3.0.7                               >= 3.0.7
                                                                 < 3.0
    -------------------------------------------------------------------

Description
===========

There is a defect in smbd's ASN.1 parsing. A bad packet received during 
the authentication request could throw newly-spawned smbd processes into 
an infinite loop (CAN-2004-0807). Another defect was found in nmbd's 
processing of mailslot packets, where a bad NetBIOS request could crash 
the nmbd process (CAN-2004-0808).

Impact
======

A remote attacker could send specially crafted packets to trigger both 
defects. The ASN.1 parsing issue can be exploited to exhaust all available 
memory on the Samba host, potentially denying all service to that server. 
The nmbd issue can be exploited to crash the nmbd process, resulting in 
a Denial of Service condition on the Samba server.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Samba 3.x users should upgrade to the latest version:

    # emerge sync

    # emerge -pv ">=net-fs/samba-3.0.7"
    # emerge ">=net-fs/samba-3.0.7"

References
==========

  [ 1 ] CAN-2004-0807
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0807
  [ 2 ] CAN-2004-0808
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0808

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo 
Security Website:

  http://security.gentoo.org/glsa/glsa-200409-16.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality 
and security of our users' machines is of utmost importance to us. Any 
security concerns should be addressed to security@xxxxxxxxxx or 
alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======

Copyright 2004 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/1.0
- ----------------------------------------------------------------------------------

For additional information or assistance, please contact the HELP Desk by 
telephone. Not Protectively Marked information may be sent via 
EMail to: uniras@xxxxxxxxxxxx

Office Hours:
Mon - Fri: 08:30 - 17:00 Hrs
Tel: +44 (0) 870 487 0748 Ext 4511
Fax: +44 (0) 870 487 0749

Outside of Office Hours:
On Call Duty Officer:
Tel: +44 (0) 870 487 0748 and follow the prompts

- ----------------------------------------------------------------------------------
UNIRAS wishes to acknowledge the contributions of Gentoo Foundation, Inc for the 
information contained in this Briefing. 
- ----------------------------------------------------------------------------------
This Briefing contains the information released by the original author. Some 
of the information may have changed since it was released. If the vulnerability 
affects you, it may be prudent to retrieve the advisory from the canonical site 
to ensure that you receive the most current information concerning that problem.

Reference to any specific commercial product, process, or service by trade 
name, trademark, manufacturer, or otherwise, does not constitute or imply 
its endorsement, recommendation, or favouring by UNIRAS or NISCC.  The views 
and opinions of authors expressed within this notice shall not be used for 
advertising or product endorsement purposes.

Neither UNIRAS nor NISCC shall accept responsibility for any errors 
or omissions contained within this briefing notice. In particular, they shall 
not be liable for any loss or damage whatsoever, arising from or in connection 
with the usage of information contained within this notice.

UNIRAS is a member of the Forum of Incident Response and Security Teams (FIRST) 
and has contacts with other international Incident Response Teams (IRTs) in 
order to foster cooperation and coordination in incident prevention, to prompt 
rapid reaction to incidents, and to promote information sharing amongst its 
members and the community at large. 
- ----------------------------------------------------------------------------------
<End of UNIRAS Briefing>

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0

-----END PGP SIGNATURE-----