[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[linux-security] root exploit in samba

To: linux-security
Subject: [linux-security] root exploit in samba
From: Martin Siegert <siegert@sfu.ca>
Date: Fri, 6 Jul 2001 11:49:47 -0700
User-Agent: Mutt/1.2.5i

Topic
=====
Netbios vulnerability in samba versions < 2.0.10 may allow overwriting
of system files (with all possible consequences: DoS attack, root exploit).

Problem Description
===================
A vulnerability in all versions of Samba prior to 2.0.10 where if a client
sends an invalid netbios name Samba could be tricked into appending it's log
to files writable by root. This can be very dangerous if combined with a
symlink created by a local user. Note that the log files must be specified as
%m.log in order for this to work.

Affected Systems
================
Linux Systems using Samba versions < 2.0.10.

Solution
========
Upgrade to version 2.0.10 (or patched version for your distribution).

RedHat 6.x
----------
rpm -Fvh samba-2.0.10-0.62.i386.rpm \
         samba-common-2.0.10-0.62.i386.rpm \
         samba-client-2.0.10-0.62.i386.rpm

RedHat 7.0
----------
rpm -Fvh samba-2.0.10-0.7.i386.rpm \
         samba-common-2.0.10-0.7.i386.rpm \
         samba-client-2.0.10-0.7.i386.rpm

RedHat 7.1
----------
rpm -Fvh samba-2.0.10-2.i386.rpm \
         samba-common-2.0.10-2.i386.rpm \
         samba-client-2.0.10-2.i386.rpm \
         samba-swat-2.0.10-2.i386.rpm

Debian 2.2 (potato)
-------------------
upgrade to: samba_2.0.7-3.4_i386.deb
            samba-common_2.0.7-3.4_i386.deb
            smbclient_2.0.7-3.4_i386.deb
            smbfs_2.0.7-3.4_i386.deb
            swat_2.0.7-3.4_i386.deb

Mandrake 7.1
------------
rpm -Fvh samba-2.0.10-1.3mdk.i586.rpm \
         samba-client-2.0.10-1.3mdk.i586.rpm \
         samba-common-2.0.10-1.3mdk.i586.rpm

Mandrake 7.2
------------
rpm -Fvh samba-2.0.10-1.2mdk.i586.rpm \
         samba-client-2.0.10-1.2mdk.i586.rpm \
         samba-common-2.0.10-1.2mdk.i586.rpm

Mandrake 8.0
------------
rpm -Fvh samba-2.0.10-1.1mdk.i586.rpm \
         samba-client-2.0.10-1.1mdk.i586.rpm \
         samba-common-2.0.10-1.1mdk.i586.rpm

Caldera
-------
see: http://www.caldera.com/support/security/advisories/CSSA-2001-024.0.txt

Prev by Date: [linux-security] X security update
Next by Date: Re: [linux-security] iptables security hole
Prev by thread: [linux-security] remote root exploit in xinetd
Next by thread: [linux-security] X security update
Index(es):
- Date
- Thread