[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[linux-security] samba security holes

To: linux-security
Subject: [linux-security] samba security holes
From: Martin Siegert <siegert@sfu.ca>
Date: Thu, 3 May 2001 18:23:04 -0700
User-Agent: Mutt/1.2.5i

Topic
=====
incorrect usage of temporary files on samba server

Problem Description
===================
The security hole involves an incorrect usage of
temporary files and can be exploited by a local user with a shell
account on the Samba server to destroy data on a local device, such as
/dev/hda. The exploit is relatively easy to perform so all sites with
untrusted local users should update immediately.

Affected Systems
================
All samba versions < 2.0.8

Solution
========
upgrade to either version 2.0.8 or version 2.2.0.

Debian 2.2 (potato)
-------------------
upgrade to samba-common_2.0.7-3.2_i386.deb,
           samba_2.0.7-3.2_i386.deb,
           smbclient_2.0.7-3.2_i386.deb,
           smbfs_2.0.7-3.2_i386.deb,
           swat_2.0.7-3.2_i386.deb

Mandrake 7.1
------------
rpm -Fvh samba-2.0.8-1.2mdk.i586.rpm \
         samba-client-2.0.8-1.2mdk.i586.rpm \
         samba-common-2.0.8-1.2mdk.i586.rpm

Mandrake 7.2
------------
rpm -Fvh samba-2.0.8-1.1mdk.i586.rpm \
         samba-client-2.0.8-1.1mdk.i586.rpm \
         samba-common-2.0.8-1.1mdk.i586.rpm

Mandrake 8.0
------------
rpm -Fvh samba-2.0.8-1.3mdk.i586.rpm \
         samba-client-2.0.8-1.3mdk.i586.rpm \
         samba-common-2.0.8-1.3mdk.i586.rpm

Caldera OpenLinux 2.3
---------------------
rpm -Fvh samba-2.0.5-2.i386.rpm \
         samba-doc-2.0.5-2.i386.rpm \
         smbfs-2.0.5-2.i386.rpm \
         swat-2.0.5-2.i386.rpm

Caldera OpenLinux eServer 2.3.1
-------------------------------
rpm -Fvh samba-2.0.5-2S.i386.rpm \
         samba-doc-2.0.5-2S.i386.rpm \
         smbfs-2.0.5-2S.i386.rpm \
         swat-2.0.5-2S.i386.rpm

Caldera OpenLinux eDesktop 2.4
------------------------------
rpm -Fvh samba-2.0.6-3.i386.rpm \
         samba-doc-2.0.6-3.i386.rpm \
         smbfs-2.0.6-3.i386.rpm \
         swat-2.0.6-3.i386.rpm

RedHat
------
All versions of RedHat are affected by this bug, however, RedHat has not yet
released new versions of samba (although they are aware of the bug).

Prev by Date: [linux-security] mgetty bugs
Next by Date: [linux-security] format string bugs in gftp
Prev by thread: [linux-security] format string bugs in gftp
Next by thread: [linux-security] mgetty bugs
Index(es):
- Date
- Thread