[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[linux-security] samba security holes



Topic
=====
incorrect usage of temporary files on samba server

Problem Description
===================
The security hole involves an incorrect usage of
temporary files and can be exploited by a local user with a shell
account on the Samba server to destroy data on a local device, such as
/dev/hda. The exploit is relatively easy to perform so all sites with
untrusted local users should update immediately.

Affected Systems
================
All samba versions < 2.0.8

Solution
========
upgrade to either version 2.0.8 or version 2.2.0.

Debian 2.2 (potato)
-------------------
upgrade to samba-common_2.0.7-3.2_i386.deb,
           samba_2.0.7-3.2_i386.deb,
           smbclient_2.0.7-3.2_i386.deb,
           smbfs_2.0.7-3.2_i386.deb,
           swat_2.0.7-3.2_i386.deb

Mandrake 7.1
------------
rpm -Fvh samba-2.0.8-1.2mdk.i586.rpm \
         samba-client-2.0.8-1.2mdk.i586.rpm \
         samba-common-2.0.8-1.2mdk.i586.rpm

Mandrake 7.2
------------
rpm -Fvh samba-2.0.8-1.1mdk.i586.rpm \
         samba-client-2.0.8-1.1mdk.i586.rpm \
         samba-common-2.0.8-1.1mdk.i586.rpm

Mandrake 8.0
------------
rpm -Fvh samba-2.0.8-1.3mdk.i586.rpm \
         samba-client-2.0.8-1.3mdk.i586.rpm \
         samba-common-2.0.8-1.3mdk.i586.rpm

Caldera OpenLinux 2.3
---------------------
rpm -Fvh samba-2.0.5-2.i386.rpm \
         samba-doc-2.0.5-2.i386.rpm \
         smbfs-2.0.5-2.i386.rpm \
         swat-2.0.5-2.i386.rpm

Caldera OpenLinux eServer 2.3.1
-------------------------------
rpm -Fvh samba-2.0.5-2S.i386.rpm \
         samba-doc-2.0.5-2S.i386.rpm \
         smbfs-2.0.5-2S.i386.rpm \
         swat-2.0.5-2S.i386.rpm

Caldera OpenLinux eDesktop 2.4
------------------------------
rpm -Fvh samba-2.0.6-3.i386.rpm \
         samba-doc-2.0.6-3.i386.rpm \
         smbfs-2.0.6-3.i386.rpm \
         swat-2.0.6-3.i386.rpm

RedHat
------
All versions of RedHat are affected by this bug, however, RedHat has not yet
released new versions of samba (although they are aware of the bug).