Ubuntu Security Notice USN-839-1
1st October, 2009
samba vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 9.04
- Ubuntu 8.10
- Ubuntu 8.04 LTS
- Ubuntu 6.06 LTS
Software description
- samba
Details
J. David Hester discovered that Samba incorrectly handled users that lack
home directories when the automated [homes] share is enabled. For such a
user the share path resolved to the root of the filesystem, so an
authenticated user could connect to that share name and gain access to the
whole filesystem. (CVE-2009-2813)
Tim Prouty discovered that the smbd daemon in Samba incorrectly handled
certain unexpected network replies. A remote attacker could send malicious
replies to the server and cause smbd to use all available CPU, leading to a
denial of service. (CVE-2009-2906)
Ronald Volgers discovered that the mount.cifs utility, when installed as a
setuid program, would not verify user permissions before opening a
credentials file. A local user could exploit this to use or read the
contents of unauthorized credential files. (CVE-2009-2948)
Reinhard Nißl discovered that the smbclient utility contained format string
vulnerabilities in its file name handling. Because of security features in
Ubuntu (compiler hardening, including the FORTIFY_SOURCE format string
checks), exploitation of this vulnerability is limited. If a user or
automated system were tricked into processing a specially crafted file
name, smbclient could be made to crash, possibly leading to a denial of
service. This only affected Ubuntu 8.10. (CVE-2009-1886)
Jeremy Allison discovered that the smbd daemon in Samba incorrectly handled
permissions to modify access control lists when dos filemode is enabled. A
remote, authenticated attacker could exploit this to modify access control
lists that they should not have been allowed to change. This only affected
Ubuntu 8.10 and Ubuntu 9.04. (CVE-2009-1888)
Update instructions
The problem can be corrected by updating your system to the following package versions:
- Ubuntu 9.04:
- smbfs 2:3.3.2-1ubuntu3.2
- samba 2:3.3.2-1ubuntu3.2
- Ubuntu 8.10:
- smbclient 2:3.2.3-1ubuntu3.6
- samba 2:3.2.3-1ubuntu3.6
- smbfs 2:3.2.3-1ubuntu3.6
- Ubuntu 8.04 LTS:
- smbfs 3.0.28a-1ubuntu4.9
- samba 3.0.28a-1ubuntu4.9
- Ubuntu 6.06 LTS:
- smbfs 3.0.22-1ubuntu3.9
- samba 3.0.22-1ubuntu3.9
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system upgrade is sufficient to effect the
necessary changes.
References
CVE-2009-1886, CVE-2009-1888, CVE-2009-2813, CVE-2009-2906, CVE-2009-2948