Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Linux :: General :: samba8~1.htm

Samba - local users can corrupt local devices



Vulnerability

    Samba

Affected

    Samba prior to 2.0.8

Description

    The security hole  was found by  Marcus Meissner during  a routine
    security audit  of the  Samba source  code.   The hole involved an
    incorrect usage of temporary files and can be exploited by a local
    user with a shell account on the Samba server to destroy data on a
    local device, such as /dev/hda.  The exploit is relatively easy to
    perform  so  all  sites  with  untrusted local users should update
    immediately to either version 2.0.8 or version 2.2.0.

    The bug was introduced into the CVS tree on June 27th 1997.   That
    means  all   versions  from   (and  including)   1.9.17alpha4  are
    vulnerable.   Amazingly, the  bug went  undetected through several
    security audits by various companies over the last 4 years.

    The impact of the  bug varies a little  between versions.  In  the
    2.0.7 release the exploit is only easy (and perhaps only possible,
    but we won't  guarantee it) if  you are exporting  printer shares.
    In either  case, we  consider it  a serious  enough risk  that all
    sites should upgrade as soon  as possible, especially if you  have
    untrusted users with shell accounts.

    Note  that  the  bug  is  not  a  race condition.  Given the right
    conditions the exploit will  be successful first time  every time.
    (ie. it is not a classic mktemp race)

Solution

    Samba team released Samba 2.0.8.  This release fixes a significant
    security vulnerability  that allows  local users  to corrupt local
    devices  (such  as  raw  disks).   For  most  users the Samba Team
    recommends Samba 2.2.0 which has been released.  Version 2.2.0 has
    all the security fixes plus many new features and other bug fixes.
    Version 2.0.8  is meant  for very  conservative sites  that want a
    absolutely minimal security fix rather than a large update.

    The 2.0.8 release is available at

        ftp://ftp.samba.org/pub/samba/samba-2.0.8.tar.gz

    the patch is available at:

        ftp://ftp.samba.org/pub/samba/patches/samba-2.0.7-2.0.8.diffs.gz

    The 2.2.0 release is available at:

        ftp://ftp.samba.org/pub/samba/samba-2.2.0.tar.gz

    Samba  team  does  not  plan  on  doing any more releases of Samba
    2.0.x.

    For Progeny Linux Systems:

        http://archive.progeny.com/progeny/updates/newton/samba-common_2.0.7-3.2_i386.deb
        http://archive.progeny.com/progeny/updates/newton/samba_2.0.7-3.2_i386.deb
        http://archive.progeny.com/progeny/updates/newton/smbclient_2.0.7-3.2_i386.deb

    For Immunix OS:

        http://immunix.org/ImmunixOS/6.2/updates/RPMS/samba-2.0.7-22_6.x_imnx_2.i386.rpm
        http://immunix.org/ImmunixOS/6.2/updates/RPMS/samba-client-2.0.7-22_6.x_imnx_2.i386.rpm
        http://immunix.org/ImmunixOS/6.2/updates/RPMS/samba-common-2.0.7-22_6.x_imnx_2.i386.rpm
        http://immunix.org/ImmunixOS/6.2/updates/SRPMS/samba-2.0.7-22_6.x_imnx_2.src.rpm
        http://immunix.org/ImmunixOS/7.0/updates/RPMS/samba-2.0.7-22_imnx_2.i386.rpm
        http://immunix.org/ImmunixOS/7.0/updates/RPMS/samba-client-2.0.7-22_imnx_2.i386.rpm
        http://immunix.org/ImmunixOS/7.0/updates/RPMS/samba-common-2.0.7-22_imnx_2.i386.rpm
        http://immunix.org/ImmunixOS/7.0/updates/SRPMS/samba-2.0.7-22_imnx_2.src.rpm

    For Caldera Systems:

        ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/RPMS/
        ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/SRPMS
           RPMS/samba-2.0.5-3.i386.rpm
           RPMS/samba-doc-2.0.5-3.i386.rpm
           RPMS/smbfs-2.0.5-3.i386.rpm
           RPMS/swat-2.0.5-3.i386.rpm
           SRPMS/samba-2.0.5-3.src.rpm

        ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/RPMS/
        ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/SRPMS
           RPMS/samba-2.0.5-3S.i386.rpm
           RPMS/samba-doc-2.0.5-3S.i386.rpm
           RPMS/smbfs-2.0.5-3S.i386.rpm
           RPMS/swat-2.0.5-3S.i386.rpm
           SRPMS/samba-2.0.5-3S.src.rpm

        ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/RPMS/
        ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/SRPMS
           RPMS/samba-2.0.6-4.i386.rpm
           RPMS/samba-doc-2.0.6-4.i386.rpm
           RPMS/smbfs-2.0.6-4.i386.rpm
           RPMS/swat-2.0.6-4.i386.rpm
           SRPMS/samba-2.0.6-4.src.rpm

    For Trustix Secure Linux:

        http://www.trustix.net/pub/Trustix/updates/
        ftp://ftp.trustix.net/pub/Trustix/updates/
        ftp://ftp.trustix.net/pub/Trustix/software/swup/
            ./1.2/SRPMS/samba-2.0.9-1tr.src.rpm
            ./1.2/RPMS/samba-common-2.0.9-1tr.i586.rpm
            ./1.2/RPMS/samba-client-2.0.9-1tr.i586.rpm
            ./1.2/RPMS/samba-2.0.9-1tr.i586.rpm
            ./1.1/SRPMS/samba-2.0.9-1tr.src.rpm
            ./1.1/RPMS/samba-common-2.0.9-1tr.i586.rpm
            ./1.1/RPMS/samba-client-2.0.9-1tr.i586.rpm
            ./1.1/RPMS/samba-2.0.9-1tr.i586.rpm

    For Debian Linux:

        http://security.debian.org/dists/stable/updates/main/source/samba_2.0.7-3.2.diff.gz
        http://security.debian.org/dists/stable/updates/main/source/samba_2.0.7-3.2.dsc
        http://security.debian.org/dists/stable/updates/main/source/samba_2.0.7.orig.tar.gz
        http://security.debian.org/dists/stable/updates/main/binary-all/samba-doc_2.0.7-3.2_all.deb
        http://security.debian.org/dists/stable/updates/main/binary-alpha/samba-common_2.0.7-3.2_alpha.deb
        http://security.debian.org/dists/stable/updates/main/binary-alpha/samba_2.0.7-3.2_alpha.deb
        http://security.debian.org/dists/stable/updates/main/binary-alpha/smbclient_2.0.7-3.2_alpha.deb
        http://security.debian.org/dists/stable/updates/main/binary-alpha/smbfs_2.0.7-3.2_alpha.deb
        http://security.debian.org/dists/stable/updates/main/binary-alpha/swat_2.0.7-3.2_alpha.deb
        http://security.debian.org/dists/stable/updates/main/binary-arm/samba-common_2.0.7-3.2_arm.deb
        http://security.debian.org/dists/stable/updates/main/binary-arm/samba_2.0.7-3.2_arm.deb
        http://security.debian.org/dists/stable/updates/main/binary-arm/smbclient_2.0.7-3.2_arm.deb
        http://security.debian.org/dists/stable/updates/main/binary-arm/smbfs_2.0.7-3.2_arm.deb
        http://security.debian.org/dists/stable/updates/main/binary-arm/swat_2.0.7-3.2_arm.deb
        http://security.debian.org/dists/stable/updates/main/binary-i386/samba-common_2.0.7-3.2_i386.deb
        http://security.debian.org/dists/stable/updates/main/binary-i386/samba_2.0.7-3.2_i386.deb
        http://security.debian.org/dists/stable/updates/main/binary-i386/smbclient_2.0.7-3.2_i386.deb
        http://security.debian.org/dists/stable/updates/main/binary-i386/smbfs_2.0.7-3.2_i386.deb
        http://security.debian.org/dists/stable/updates/main/binary-i386/swat_2.0.7-3.2_i386.deb
        http://security.debian.org/dists/stable/updates/main/binary-m68k/samba-common_2.0.7-3.2_m68k.deb
        http://security.debian.org/dists/stable/updates/main/binary-m68k/samba_2.0.7-3.2_m68k.deb
        http://security.debian.org/dists/stable/updates/main/binary-m68k/smbclient_2.0.7-3.2_m68k.deb
        http://security.debian.org/dists/stable/updates/main/binary-m68k/smbfs_2.0.7-3.2_m68k.deb
        http://security.debian.org/dists/stable/updates/main/binary-m68k/swat_2.0.7-3.2_m68k.deb
        http://security.debian.org/dists/stable/updates/main/binary-powerpc/samba-common_2.0.7-3.2_powerpc.deb
        http://security.debian.org/dists/stable/updates/main/binary-powerpc/samba_2.0.7-3.2_powerpc.deb
        http://security.debian.org/dists/stable/updates/main/binary-powerpc/smbclient_2.0.7-3.2_powerpc.deb
        http://security.debian.org/dists/stable/updates/main/binary-powerpc/smbfs_2.0.7-3.2_powerpc.deb
        http://security.debian.org/dists/stable/updates/main/binary-powerpc/swat_2.0.7-3.2_powerpc.deb
        http://security.debian.org/dists/stable/updates/main/binary-sparc/samba-common_2.0.7-3.2.1_sparc.deb
        http://security.debian.org/dists/stable/updates/main/binary-sparc/samba_2.0.7-3.2.1_sparc.deb
        http://security.debian.org/dists/stable/updates/main/binary-sparc/smbclient_2.0.7-3.2.1_sparc.deb
        http://security.debian.org/dists/stable/updates/main/binary-sparc/smbfs_2.0.7-3.2.1_sparc.deb
        http://security.debian.org/dists/stable/updates/main/binary-sparc/swat_2.0.7-3.2.1_sparc.deb

    Conectiva Linux:

        ftp://atualizacoes.conectiva.com.br/4.0/SRPMS/samba-2.0.8-1cl.src.rpm
        ftp://atualizacoes.conectiva.com.br/4.0/i386/samba-2.0.8-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/4.0/i386/samba-clients-2.0.8-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/4.0/i386/samba-doc-2.0.8-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/4.0/i386/samba-swat-2.0.8-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/4.0es/SRPMS/samba-2.0.8-1cl.src.rpm
        ftp://atualizacoes.conectiva.com.br/4.0es/i386/samba-2.0.8-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/4.0es/i386/samba-clients-2.0.8-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/4.0es/i386/samba-doc-2.0.8-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/4.0es/i386/samba-swat-2.0.8-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/4.1/SRPMS/samba-2.0.8-1cl.src.rpm
        ftp://atualizacoes.conectiva.com.br/4.1/i386/samba-2.0.8-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/4.1/i386/samba-clients-2.0.8-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/4.1/i386/samba-doc-2.0.8-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/4.1/i386/samba-swat-2.0.8-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/4.2/SRPMS/samba-2.0.8-1cl.src.rpm
        ftp://atualizacoes.conectiva.com.br/4.2/i386/samba-2.0.8-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/4.2/i386/samba-clients-2.0.8-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/4.2/i386/samba-doc-2.0.8-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/4.2/i386/samba-swat-2.0.8-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/5.0/SRPMS/samba-2.0.8-1cl.src.rpm
        ftp://atualizacoes.conectiva.com.br/5.0/i386/samba-2.0.8-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/5.0/i386/samba-clients-2.0.8-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/5.0/i386/samba-doc-2.0.8-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/5.0/i386/samba-swat-2.0.8-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/5.1/SRPMS/samba-2.0.8-1cl.src.rpm
        ftp://atualizacoes.conectiva.com.br/5.1/i386/samba-2.0.8-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/5.1/i386/samba-clients-2.0.8-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/5.1/i386/samba-doc-2.0.8-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/5.1/i386/samba-swat-2.0.8-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/samba-2.0.8-1cl.src.rpm
        ftp://atualizacoes.conectiva.com.br/6.0/RPMS/samba-2.0.8-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/6.0/RPMS/samba-clients-2.0.8-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/6.0/RPMS/samba-doc-2.0.8-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/6.0/RPMS/samba-swat-2.0.8-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/SRPMS/samba-2.0.8-1cl.src.rpm
        ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/samba-2.0.8-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/samba-clients-2.0.8-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/samba-doc-2.0.8-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/samba-swat-2.0.8-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/SRPMS/samba-2.0.8-1cl.src.rpm
        ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/samba-2.0.8-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/samba-clients-2.0.8-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/samba-doc-2.0.8-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/samba-swat-2.0.8-1cl.i386.rpm

    For Linux-Mandrake:

        Linux-Mandrake 7.1: 7.1/RPMS/samba-2.0.9-1.2mdk.i586.rpm
                            7.1/RPMS/samba-client-2.0.9-1.2mdk.i586.rpm
                            7.1/RPMS/samba-common-2.0.9-1.2mdk.i586.rpm
                            7.1/SRPMS/samba-2.0.9-1.2mdk.src.rpm
        Linux-Mandrake 7.2: 7.2/RPMS/samba-2.0.9-1.1mdk.i586.rpm
                            7.2/RPMS/samba-client-2.0.9-1.1mdk.i586.rpm
                            7.2/RPMS/samba-common-2.0.9-1.1mdk.i586.rpm
                            7.2/SRPMS/samba-2.0.9-1.1mdk.src.rpm
        Linux-Mandrake 8.0: 8.0/RPMS/samba-2.0.9-1.3mdk.i586.rpm
                            8.0/RPMS/samba-client-2.0.9-1.3mdk.i586.rpm
                            8.0/RPMS/samba-common-2.0.9-1.3mdk.i586.rpm
                            8.0/SRPMS/samba-2.0.9-1.3mdk.src.rpm
    Corporate Server 1.0.1: 1.0.1/RPMS/samba-2.0.9-1.2mdk.i586.rpm
                            1.0.1/RPMS/samba-client-2.0.9-1.2mdk.i586.rpm
                            1.0.1/RPMS/samba-common-2.0.9-1.2mdk.i586.rpm
                            1.0.1/SRPMS/samba-2.0.9-1.2mdk.src.rpm

    For RedHat:

        ftp://updates.redhat.com/5.2/en/os/SRPMS/samba-2.0.5a-2.5.2.src.rpm
        ftp://updates.redhat.com/5.2/en/os/alpha/samba-2.0.5a-2.5.2.alpha.rpm
        ftp://updates.redhat.com/5.2/en/os/alpha/samba-client-2.0.5a-2.5.2.alpha.rpm
        ftp://updates.redhat.com/5.2/en/os/i386/samba-2.0.5a-2.5.2.i386.rpm
        ftp://updates.redhat.com/5.2/en/os/i386/samba-client-2.0.5a-2.5.2.i386.rpm
        ftp://updates.redhat.com/5.2/en/os/sparc/samba-2.0.5a-2.5.2.sparc.rpm
        ftp://updates.redhat.com/5.2/en/os/sparc/samba-client-2.0.5a-2.5.2.sparc.rpm
        ftp://updates.redhat.com/6.2/en/os/SRPMS/samba-2.0.8-1.6.src.rpm
        ftp://updates.redhat.com/6.2/en/os/SRPMS/logrotate-3.5.2-0.6.src.rpm
        ftp://updates.redhat.com/6.2/en/os/alpha/samba-2.0.8-1.6.alpha.rpm
        ftp://updates.redhat.com/6.2/en/os/alpha/samba-client-2.0.8-1.6.alpha.rpm
        ftp://updates.redhat.com/6.2/en/os/alpha/samba-common-2.0.8-1.6.alpha.rpm
        ftp://updates.redhat.com/6.2/en/os/alpha/logrotate-3.5.2-0.6.alpha.rpm
        ftp://updates.redhat.com/6.2/en/os/i386/samba-2.0.8-1.6.i386.rpm
        ftp://updates.redhat.com/6.2/en/os/i386/samba-client-2.0.8-1.6.i386.rpm
        ftp://updates.redhat.com/6.2/en/os/i386/samba-common-2.0.8-1.6.i386.rpm
        ftp://updates.redhat.com/6.2/en/os/i386/logrotate-3.5.2-0.6.i386.rpm
        ftp://updates.redhat.com/6.2/en/os/sparc/samba-2.0.8-1.6.sparc.rpm
        ftp://updates.redhat.com/6.2/en/os/sparc/samba-client-2.0.8-1.6.sparc.rpm
        ftp://updates.redhat.com/6.2/en/os/sparc/samba-common-2.0.8-1.6.sparc.rpm
        ftp://updates.redhat.com/6.2/en/os/sparc/logrotate-3.5.2-0.6.sparc.rpm
        ftp://updates.redhat.com/7.0/en/os/SRPMS/samba-2.0.8-1.7.src.rpm
        ftp://updates.redhat.com/7.0/en/os/alpha/samba-2.0.8-1.7.alpha.rpm
        ftp://updates.redhat.com/7.0/en/os/alpha/samba-client-2.0.8-1.7.alpha.rpm
        ftp://updates.redhat.com/7.0/en/os/alpha/samba-common-2.0.8-1.7.alpha.rpm
        ftp://updates.redhat.com/7.0/en/os/i386/samba-2.0.8-1.7.i386.rpm
        ftp://updates.redhat.com/7.0/en/os/i386/samba-client-2.0.8-1.7.i386.rpm
        ftp://updates.redhat.com/7.0/en/os/i386/samba-common-2.0.8-1.7.i386.rpm
        ftp://updates.redhat.com/7.1/en/os/SRPMS/samba-2.0.8-1.7.1.src.rpm
        ftp://updates.redhat.com/7.1/en/os/i386/samba-2.0.8-1.7.1.i386.rpm
        ftp://updates.redhat.com/7.1/en/os/i386/samba-client-2.0.8-1.7.1.i386.rpm
        ftp://updates.redhat.com/7.1/en/os/i386/samba-common-2.0.8-1.7.1.i386.rpm
        ftp://updates.redhat.com/7.1/en/os/i386/samba-swat-2.0.8-1.7.1.i386.rpm

    For FreeBSD:

        ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/net/samba-2.0.8.tgz
        ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/net/samba-2.0.8.tgz
        ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/net/samba-devel-2.2.0.tgz
        ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/net/samba-devel-2.2.0.tgz


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH