Secure testing team - Feb 2010 - Bug#568942: samba: mtab corruption via malicious crafted string

Package: samba
Version: 2:3.4.5~dfsg-1
Severity: grave
Tags: security
Justification: user security hole


Hi,

a security bug has been discovered in all versions of Samba up to and 
including 3.4.5. 
It is possible to cause mtab corruption via a specially crafted string.
More information at
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0547
http://git.samba.org/?p=samba.git;a=commit;h=a065c177dfc8f968775593ba00dffafeebb2e054

Regards,
Pedro

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (900, ''testing''), (650,
''unstable''), (600, ''experimental''), (500,
''testing-proposed-updates'')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.33-rc7 (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages samba depends on:
ii  adduser                3.112             add and remove users and groups
ii  debconf [debconf-2.0]  1.5.28            Debian configuration management sy
ii  libacl1                2.2.49-2          Access control list shared library
ii  libattr1               1:2.4.44-1        Extended attribute shared library
ii  libc6                  2.10.2-2          GNU C Library: Shared libraries
ii  libcap2                1:2.17-2          support for getting/setting POSIX.
ii  libcomerr2             1.41.9-1          common error description library
ii  libcups2               1.4.2-4           Common UNIX Printing System(tm) - 
ii  libgnutls26            2.8.5-2           the GNU TLS library - runtime libr
ii  libgssapi-krb5-2       1.8+dfsg~alpha1-5 MIT Kerberos runtime libraries - k
ii  libk5crypto3           1.8+dfsg~alpha1-5 MIT Kerberos runtime libraries - C
ii  libkrb5-3              1.8+dfsg~alpha1-5 MIT Kerberos runtime libraries
ii  libldap-2.4-2          2.4.17-2.1        OpenLDAP libraries
ii  libpam-modules         1.1.0-4           Pluggable Authentication Modules f
ii  libpam-runtime         1.1.0-4           Runtime support for the PAM librar
ii  libpam0g               1.1.0-4           Pluggable Authentication Modules l
ii  libpopt0               1.15-1            lib for parsing cmdline parameters
ii  libtalloc2             2.0.1-1           hierarchical pool based memory all
ii  libwbclient0           2:3.4.5~dfsg-1    Samba winbind client library
ii  lsb-base               3.2-23            Linux Standard Base 3.2 init scrip
ii  procps                 1:3.2.8-2         /proc file system utilities
ii  samba-common           2:3.4.5~dfsg-1    common files used by both the Samb
ii  update-inetd           4.35              inetd configuration file updater
ii  zlib1g                 1:1.2.3.4.dfsg-3  compression library - runtime

Versions of packages samba recommends:
ii  logrotate                     3.7.8-4    Log rotation utility

Versions of packages samba suggests:
pn  ctdb                        <none>       (no description available)
pn  ldb-tools                   <none>       (no description available)
ii  openbsd-inetd [inet-superse 0.20080125-4 The OpenBSD Internet Superserver
pn  smbldap-tools               <none>       (no description available)

-- debconf information excluded