Security Update: [CSSA-2001-018.0] samba /tmp problems

From: Caldera Support Information (sup-infoat_private)
Date: Fri May 18 2001 - 14:43:45 PDT

Next message: Greg A. Woods: "Re: Mail delivery privileges (was: Solaris /usr/bin/mailx exploit)"

Previous message: Wietse Venema: "Mail delivery privileges (was: Solaris /usr/bin/mailx exploit)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________
		   Caldera International, Inc.  Security Advisory

Subject:		samba /tmp problems
Advisory number: 	CSSA-2001-018.0
Issue date: 		2001 May, 18
Cross reference:	CSSA-2001-015.0
______________________________________________________________________________


1. Problem Description

   The previous Samba update fixed several places within the
   samba server code that allowed local attackers to gain root
   access.

   Unfortunately the patch used was slightly incorrect and did not
   fix the problem completely.

   The Samba 2.0.9 release fixes this problem, this security
   update backports it to our released Samba packages.


2. Vulnerable Versions

   System                       Package
   -----------------------------------------------------------
   OpenLinux 2.3		All packages previous to
   				samba-2.0.5-3

   OpenLinux eServer 2.3.1      All packages previous to
   and OpenLinux eBuilder  	samba-2.0.5-3S

   OpenLinux eDesktop 2.4       All packages previous to
   				samba-2.0.6-4

3. Solution

   Workaround

      none

   The proper solution is to upgrade to the latest packages.

4. OpenLinux 2.3

   4.1 Location of Fixed Packages

       The upgrade packages can be found on Caldera's FTP site at:

       ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/RPMS/

       The corresponding source code package can be found at:

       ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/SRPMS

   4.2 Verification

       6538311492da60de2fd81e4579c786af  RPMS/samba-2.0.5-3.i386.rpm
       098d66faee2cc1c50921f39dcd473aa2  RPMS/samba-doc-2.0.5-3.i386.rpm
       fd564ec85358666bcfb5b691bd86f416  RPMS/smbfs-2.0.5-3.i386.rpm
       111c64faf3524930b6c648beba2a7e62  RPMS/swat-2.0.5-3.i386.rpm
       8fb09b8512aee8d5164d5fa9abef8205  SRPMS/samba-2.0.5-3.src.rpm

   4.3 Installing Fixed Packages

       Upgrade the affected packages with the following commands:

          rpm -Fhv s*.i386.rpm

5. OpenLinux eServer 2.3.1 and OpenLinux eBuilder for ECential 3.0

   5.1 Location of Fixed Packages

       The upgrade packages can be found on Caldera's FTP site at:

       ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/RPMS/

       The corresponding source code package can be found at:

       ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/SRPMS

   5.2 Verification

       39cc6ebd5216649346a7091395aee135  RPMS/samba-2.0.5-3S.i386.rpm
       b4278e491326d4ce3a7b81d017872bce  RPMS/samba-doc-2.0.5-3S.i386.rpm
       d3b59dfa2a365a6c0a13d580164f8b58  RPMS/smbfs-2.0.5-3S.i386.rpm
       cef24c9d65a9365ccec3753828c5c945  RPMS/swat-2.0.5-3S.i386.rpm
       e35e8e614a4d5f597b5f9a764162778d  SRPMS/samba-2.0.5-3S.src.rpm

   5.3 Installing Fixed Packages

       Upgrade the affected packages with the following commands:

          rpm -Fvh s*i386.rpm

6. OpenLinux eDesktop 2.4

   6.1 Location of Fixed Packages

       The upgrade packages can be found on Caldera's FTP site at:

       ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/RPMS/

       The corresponding source code package can be found at:

       ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/SRPMS

   6.2 Verification

       1ff64fd57d531816037ac1c1d18b6abd  RPMS/samba-2.0.6-4.i386.rpm
       cdb3f575cbbc503699bf71e53354e382  RPMS/samba-doc-2.0.6-4.i386.rpm
       e7b7c7eb3b1ad3a80f45904607488eec  RPMS/smbfs-2.0.6-4.i386.rpm
       3d1b49c60f4359b0ee95dd5457f72ccf  RPMS/swat-2.0.6-4.i386.rpm
       b7ec58e0edc4217b2c8f19f3edb3de95  SRPMS/samba-2.0.6-4.src.rpm

   6.3 Installing Fixed Packages

       Upgrade the affected packages with the following commands:

       rpm -Fvh s*i386.rpm

7. References

   This and other Caldera security resources are located at:

   http://www.calderasystems.com/support/security/index.html

   This security fix closes Caldera's internal Problem Report 9736.

8. Disclaimer

   Caldera International, Inc. is not responsible for the misuse of
   any of the information we provide on this website and/or through our
   security advisories. Our advisories are a service to our customers
   intended to promote secure installation and use of Caldera OpenLinux.

9. Acknowledgements:

   Caldera International wishes to thank the Samba Team for spotting and
   fixing this problem.
______________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.5 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE7BOeV18sy83A/qfwRAldPAKC5MNkx6EGHlZg392Pm4z2MXnASiQCcCIej
BTgb2DW8T+2NxGgmedazl8M=
=Pcmx
-----END PGP SIGNATURE-----

Next message: Greg A. Woods: "Re: Mail delivery privileges (was: Solaris /usr/bin/mailx exploit)"
Previous message: Wietse Venema: "Mail delivery privileges (was: Solaris /usr/bin/mailx exploit)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri May 18 2001 - 17:27:45 PDT