> Can Tridge or anyone else confirm whether or not this bug was present in > Samba versions earlier than 2.0.7 ? The bug was introduced into the CVS tree on June 27th 1997. That means all versions from (and including) 1.9.17alpha4 are vulnerable. Amazingly, the bug went undetected through several security audits by various companies over the last 4 years. The impact of the bug varies a little between versions. In the 2.0.7 release the exploit is only easy (and perhaps only possible, but I won't guarantee it) if you are exporting printer shares. In either case, we consider it a serious enough risk that all sites should upgrade as soon as possible, especially if you have untrusted users with shell accounts. Note that the bug is not a race condition. Given the right conditions the exploit will be successful first time every time. (ie. it is not a classic mktemp race) Cheers, Tridge
This archive was generated by hypermail 2b30 : Thu Apr 19 2001 - 21:58:25 PDT