[CS-FSLUG] Latest from US CERT
Bradly McConnell
bradly.mcconnell at gmail.com
Wed Nov 3 16:55:58 CST 2004
Here's a vulnerability some of us may need to watch out for:
"Multiple buffer overflow vulnerabilities exist in Samba that could
allow a remote user to execute arbitrary code on the target system.
These are caused by boundary errors when decoding base64 data and when
handling 'mangling method = hash.'
Upgrade to version 3.0.5 or 2.2.10 available at: http://us2.samba.org/samba/ftp/
Conectiva:
ftp://atualizacoes.conectiva.com.br
RedHat: RedHat Enterprise Linux AS 3, ES 3, WS 3:
http://rhn.redhat.com/
Gentoo:
http://security.gentoo.org/glsa/glsa-200407-21.xml
Mandrakesoft: Mandrake Multi Network Firewall 8.x, 9.x; Mandrake
Corporate Server 2.x
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:071
SuSE: SuSE Linux, Email, Database, and Enterprise Servers
http://www.suse.de/de/security/2004_22_samba.html
Trustix:
http://http.trustix.org/pub/trustix/updates/
Sun: http://sunsolve.sun.com/search/document.do?assetkey=1-26-57664-1&searchclause=
A working exploit has been published."
There are a few others for glibc, kaffeine, mozilla, etc. Here's the
link to the latest report:
http://www.us-cert.gov/cas/bulletins/SB04-308.html
Brad