svn commit: samba-web r1150 - in trunk: . history security
jerry at samba.org
jerry at samba.org
Thu Nov 15 14:05:57 GMT 2007
Author: jerry
Date: 2007-11-15 14:05:56 +0000 (Thu, 15 Nov 2007)
New Revision: 1150
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba-web&rev=1150
Log:
Samba 3.0.27 release announcement details
Added:
trunk/history/samba-3.0.27.html
trunk/security/CVE-2007-4572.html
trunk/security/CVE-2007-5398.html
Modified:
trunk/header_columns.html
trunk/history/header_history.html
trunk/history/security.html
trunk/index.html
Changeset:
Modified: trunk/header_columns.html
===================================================================
--- trunk/header_columns.html 2007-09-29 04:26:39 UTC (rev 1149)
+++ trunk/header_columns.html 2007-11-15 14:05:56 UTC (rev 1150)
@@ -130,9 +130,9 @@
<div class="releases">
<h4>Current Stable Release</h4>
<ul>
- <li><a href="/samba/ftp/stable/samba-3.0.26a.tar.gz">Samba 3.0.26a (gzipped)</a></li>
- <li><a href="/samba/history/samba-3.0.26a.html">Release Notes</a></li>
- <li><a href="/samba/ftp/stable/samba-3.0.26a.tar.asc">Signature</a></li>
+ <li><a href="/samba/ftp/stable/samba-3.0.27.tar.gz">Samba 3.0.27 (gzipped)</a></li>
+ <li><a href="/samba/history/samba-3.0.27.html">Release Notes</a></li>
+ <li><a href="/samba/ftp/stable/samba-3.0.27.tar.asc">Signature</a></li>
</ul>
<h4>Historical</h4>
Modified: trunk/history/header_history.html
===================================================================
--- trunk/history/header_history.html 2007-09-29 04:26:39 UTC (rev 1149)
+++ trunk/history/header_history.html 2007-11-15 14:05:56 UTC (rev 1150)
@@ -77,6 +77,10 @@
<div class="notes">
<h6>Release Notes</h6>
<ul>
+ <li><a href="samba-3.0.27.html">samba-3.0.27</a></li>
+ <li><a href="samba-3.0.26a.html">samba-3.0.26a</a></li>
+ <li><a href="samba-3.0.26.html">samba-3.0.26</a></li>
+ <li><a href="samba-3.0.25c.html">samba-3.0.25c</a></li>
<li><a href="samba-3.0.25b.html">samba-3.0.25b</a></li>
<li><a href="samba-3.0.25a.html">samba-3.0.25a</a></li>
<li><a href="samba-3.0.25.html">samba-3.0.25</a></li>
Added: trunk/history/samba-3.0.27.html
===================================================================
--- trunk/history/samba-3.0.27.html 2007-09-29 04:26:39 UTC (rev 1149)
+++ trunk/history/samba-3.0.27.html 2007-11-15 14:05:56 UTC (rev 1150)
@@ -0,0 +1,54 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+
+<head>
+<title>Samba - Release Notes Archive</title>
+</head>
+
+<body>
+
+ <H2>Samba 3.0.27 Available for Download</H2>
+
+<p>
+<pre>
+ ==============================
+ Release Notes for Samba 3.0.27
+ Nov 15, 2007
+ ==============================
+
+Samba 3.0.27 is a security release in order to address the following
+defects:
+
+ o CVS-2007-4572
+ Stack buffer overflow in nmbd's logon request processing.
+
+ o CVE-2007-5398
+ Remote code execution in Samba's WINS server daemon (nmbd)
+ when processing name registration followed name query requests.
+
+The original security announcement for this and past advisories can
+be found http://www.samba.org/samba/security/
+
+######################################################################
+Changes
+#######
+
+Changes since 3.0.26a
+---------------------
+
+o Jeremy Allison <jra at samba.org>
+ * Fix for CVS-2007-4572.
+ * Fix for CVE-2007-5398.
+
+
+o Simo Sorce <idra at samba.org>
+ * Additional fixes for CVS-2007-4572.
+</pre>
+
+<p>Please refer to the original <a href="/samba/history/samba-3.0.26a.html">Samba
+3.0.26a Release Notes</a> for more details regarding changes in
+previous releases.</p>
+</body>
+</html>
+
Property changes on: trunk/history/samba-3.0.27.html
___________________________________________________________________
Name: svn:executable
+ *
Modified: trunk/history/security.html
===================================================================
--- trunk/history/security.html 2007-09-29 04:26:39 UTC (rev 1149)
+++ trunk/history/security.html 2007-11-15 14:05:56 UTC (rev 1150)
@@ -22,6 +22,24 @@
</tr>
<tr>
+ <td>15 Nov 2007</td>
+ <td><a href="/samba/ftp/patches/security/samba-3.0.26a-CVE-2007-5398.patch">patch for Samba 3.0.26a</a></td>
+ <td>Remote Code Execution in Samba's nmbd</td>
+ <td>Samba 3.0.0 - 3.0.26a</td>
+ <td><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4398">CVE-2007-5398</a></td>
+ <td><a href="/samba/security/CVE-2007-5398.html">Announcement</a></td>
+ </tr>
+
+ <tr>
+ <td>15 Nov 2007</td>
+ <td><a href="/samba/ftp/patches/security/samba-3.0.26a-CVE-2007-4572.patch">patch for Samba 3.0.26a</a></td>
+ <td>GETDC mailslot processing buffer overrun in nmbd</td>
+ <td>Samba 3.0.0 - 3.0.26a</td>
+ <td><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4138">CVE-2007-4572</a></td>
+ <td><a href="/samba/security/CVE-2007-4572.html">Announcement</a></td>
+ </tr>
+
+ <tr>
<td>11 Sep 2007</td>
<td><a href="/samba/ftp/patches/security/samba-3.0.25-CVE-2007-4138.patch">patch for Samba 3.0.25</a></td>
<td>Incorrect primary group assignment for users using the rfc2307 or sfu nss info plugin.</td>
Modified: trunk/index.html
===================================================================
--- trunk/index.html 2007-09-29 04:26:39 UTC (rev 1149)
+++ trunk/index.html 2007-11-15 14:05:56 UTC (rev 1150)
@@ -19,51 +19,26 @@
<h2>Current Release</h2>
- <h4><a name="latest">28 Sep 2007</a></h4>
- <p class="headline">Samba 3.2.0pre1 Available for Download</p>
+ <h4><a name="latest">15 Nov 2007</a></h4>
+ <p class="headline">Samba 3.0.27 Available for Download</p>
- <p>The first preview release of Samba 3.2.0 is now available for
- testing. This release is <em>not</em> intended for production
- servers. An overview of the included changes are described in
- the <a href="/samba/ftp/pre/WHATSNEW-3-2-0pre1.txt">Release
- Notes</a>. Please report any defects via the Samba bug reporting
- system at the <a href="https://bugzilla.samba.org/">Samba
- Bugzilla System</a>.</p>
+ <p>Samba 3.0.27 is a security release to
+ address <a href="/samba/security/CVE-2007-4572.html">CVE-2007-4572</a>
+ and <a href="/samba/security/CVE-2007-5398.html">CVE-2007-5398</a>.</p>
- <p>Be aware that Samba is now distributed under the version
- 3 of the new GNU General Public License. The
- <a href="http://news.samba.org/announcements/samba_gplv3/">original
- announcement</a> can be read online.</p>
-
- <p>The <a href="/samba/ftp/pre/">Samba 3.2.0pre1</a> source code
- can be downloaded now. If you prefer, the <a href="/samba/ftp/pre/">patch
- files against previous releases</a> are also available for download.
+ <p>The <a href="/samba/ftp/stable/samba-3.0.27.tar.gz">Samba 3.0.27</a> source code
+ (<a href="/samba/ftp/stable/samba-3.0.27.tar.asc">GPG
+ signature</a>) can be downloaded now. If you prefer, the
+ <a href="/samba/ftp/patches/patch-3.0.26a-3.0.27.diffs.gz">patch
+ file against previous releases</a>
+ (<a href="/samba/ftp/patches/patch-3.0.26a-3.0.27.diffs.asc">GPG
+ signature</a>) is also available for download.
Please read these <a href="/samba/download/">instructions on
how to verify the gpg signature</a>. Precompiled packages will
be made available on a volunteer basis and can be found in the
<a href="/samba/ftp/Binary_Packages/">Binary_Packages download area</a>.</p>
- <h4><a name="latest">11 Sep 2007</a></h4>
- <p class="headline">Samba 3.0.26 and Samba 3.0.26a Available for Download</p>
- <p>Samba 3.0.26 and Samba 3.0.26a are now available for download.
- Samba 3.0.26 is a security release to address <a href="/samba/security/CVE-2007-4138.html">CVE-2007-4138</a>.
- Samba 3.0.26a is the latest bug fix release for the Samba 3.0.26
- code base and is the version that servers should run for all
- current Samba 3.0 bug fixes. Please review the <a
- href="/samba/history/samba-3.0.26a.html">Release Notes</a> for a
- complete of list of changes.</p>
-
- <p>The <a href="/samba/ftp/stable/samba-3.0.26.tar.gz">Samba 3.0.26</a>
- and <a href="/samba/ftp/samba-3.0.26a.tar.gz">Samba 3.0.26a</a>
- source code can be downloaded now.
- If you prefer, the <a href="/samba/ftp/patches/">patch
- files against previous releases</a> are also available for download.
- Please read these <a href="/samba/download/">instructions on
- how to verify the gpg signature</a>. Precompiled packages will
- be made available on a volunteer basis and can be found in the
- <a href="/samba/ftp/Binary_Packages/">Binary_Packages download area</a>.</p>
-
<h4>4 September 2007</h4>
<p class="headline">Samba 4.0.0 alpha1 Available for Download</p>
Added: trunk/security/CVE-2007-4572.html
===================================================================
--- trunk/security/CVE-2007-4572.html 2007-09-29 04:26:39 UTC (rev 1149)
+++ trunk/security/CVE-2007-4572.html 2007-11-15 14:05:56 UTC (rev 1150)
@@ -0,0 +1,85 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+
+<head>
+<title>Samba - Security Announcement Archive</title>
+</head>
+
+<body>
+
+ <H2>CVE-2007-5398 - Remote Code Execution in Samba's nmbd</H2>
+
+<p>
+<pre>
+==========================================================
+==
+== Subject: Remote code execution in Samba's WINS
+== server daemon (nmbd) when processing name
+== registration followed name query requests.
+==
+== CVE ID#: CVE-2007-5398
+==
+== Versions: Samba 3.0.0 - 3.0.26a (inclusive)
+==
+== Summary: When nmbd has been configured as a WINS
+== server, a client can send a series of name
+== registration request followed by a specific
+== name query request packet and execute
+== arbitrary code.
+==
+==========================================================
+
+===========
+Description
+===========
+
+Secunia Research reported a vulnerability that allows for
+the execution of arbitrary code in nmbd. This defect may
+only be exploited when the "wins support" parameter has
+been enabled in smb.conf.
+
+
+==================
+Patch Availability
+==================
+
+A patch addressing this defect has been posted to
+
+ http://www.samba.org/samba/security/
+
+Additionally, Samba 3.0.27 has been issued as a security
+release to correct the defect.
+
+
+==========
+Workaround
+==========
+
+Samba administrators may avoid this security issue by
+disabling the "wins support" feature in the hosts smb.conf
+file.
+
+
+=======
+Credits
+=======
+
+This vulnerability was reported to Samba developers by
+Alin Rad Pop, Secunia Research.
+
+The time line is as follows:
+
+* Oct 30, 2007: Initial report to security at samba.org.
+* Oct 30, 2007: First response from Samba developers confirming
+ the bug along with a proposed patch.
+* Nov 15, 2007: Public security advisory to be made available.
+
+
+==========================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+==========================================================
+</pre>
+</body>
+</html>
Added: trunk/security/CVE-2007-5398.html
===================================================================
--- trunk/security/CVE-2007-5398.html 2007-09-29 04:26:39 UTC (rev 1149)
+++ trunk/security/CVE-2007-5398.html 2007-11-15 14:05:56 UTC (rev 1150)
@@ -0,0 +1,88 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+
+<head>
+<title>Samba - Security Announcement Archive</title>
+</head>
+
+<body>
+
+ <H2>CVE-2007-4572 - GETDC mailslot processing buffer overrun in nmbd</H2>
+
+
+<p>
+<pre>
+==========================================================
+==
+== Subject: Stack buffer overflow in nmbd's logon
+== request processing.
+==
+== CVE ID#: CVE-2007-4572
+==
+== Versions: Samba 3.0.0 - 3.0.26a (inclusive)
+==
+== Summary: Processing of specially crafted GETDC
+== mailslot requests can result in a buffer
+== overrun in nmbd. It is not believed that
+== that this issues can be exploited to
+== result in remote code execution.
+==
+==========================================================
+
+===========
+Description
+===========
+
+Samba developers have discovered what is believed to be
+a non-exploitable buffer over in nmbd during the processing
+of GETDC logon server requests. This code is only used
+when the Samba server is configured as a Primary or Backup
+Domain Controller.
+
+
+==================
+Patch Availability
+==================
+
+A patch addressing this defect has been posted to
+
+ http://www.samba.org/samba/security/
+
+Additionally, Samba 3.0.27 has been issued as a security
+release to correct the defect.
+
+
+==========
+Workaround
+==========
+
+Samba administrators may avoid this security issue by disabling
+both the "domain logons" and the "domain master" options in in
+the server's smb.conf file. Note that this will disable all
+domain controller features as well.
+
+
+=======
+Credits
+=======
+
+This vulnerability was discovered by Samba developers during
+an internal code audit.
+
+The time line is as follows:
+
+* Sep 13, 2007: Initial report to security at samba.org including
+ proposed patch.
+* Sep 14, 2007: Patch review by members of the Josh Bressers
+ (RedHat Security Team) and Simo Sorce (Samba/RedHat developer)
+* Nov 15, 2007: Public security advisory made available.
+
+
+==========================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+==========================================================
+</pre>
+</body>
+</html>
More information about the samba-cvs
mailing list