Home page logo
/

bugtraq logo Bugtraq mailing list archives

Security Update: [CSSA-2001-024.0] OpenLinux: samba remote root problem
From: Support Info <supinfo () caldera com>
Date: Tue, 26 Jun 2001 11:33:45 -0600

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________
                   Caldera International, Inc.  Security Advisory

Subject:                OpenLinux: samba remote root problem
Advisory number:        CSSA-2001-024.0
Issue date:             2001 June, 25
Cross reference:
______________________________________________________________________________


1. Problem Description

   There is a file overwrite vulnerability in the log facilities
   of the Samba filesharing package which can be used by a remote
   attacker to overwrite system files and to gain root access.
   This requires a specific logging entry to be set.

   Caldera OpenLinux is not vulnerable to this problem in its default
   configuration, because it does not include a default configuration
   file for Samba and the sample configuration we ship has logging
   commented out.

   To check whether you are vulnerable to the problem, run

        grep log.*%m /etc/samba.d/smb.conf

   If it shows %m directly following a '/', as in:

        log file = /var/log/samba.d/%m

   you are vulnerable to the problem.

2. Solution

   If your configuration of samba is affected by this vulnerability,
   you can fix it using either of the following approaches:

   Using the commandline, do as root:

        - Edit /etc/samba.d/smb.conf and make sure the log file
          statement reads like this:

            log file = /var/log/samba.d/smb.%m

        - /etc/rc.d/init.d/samba restart

   Using SWAT:

        - Open http://localhost:901/ in a web browser.
        - Authenticate using the root account and password.
        - Click on the 'Globals' button from the Top Menubar.
        - Go to the 'log file' entry entry and change it to:

            /var/log/samba.d/smb.%m

        - Press the 'Commit Changes' button on top of the page.

   Using Webmin:

        - Open Webmin as described in the documentation.
        - Select Servers->Samba Windows Filesharing
        - Press the 'Miscellaneous Options' Button.
        - Change the logfile entry to read

            /var/log/samba.d/smb.%m

        - Press the 'Save' button.


3. References

   This and other Caldera security resources are located at:

   http://www.caldera.com/support/security/index.html

   This security fix closes Caldera's internal Problem Report 10136.

4. Disclaimer

   Caldera International, Inc. is not responsible for the misuse of
   any of the information we provide on this website and/or through our
   security advisories. Our advisories are a service to our customers
   intended to promote secure installation and use of Caldera OpenLinux.

   Caldera wishes to thank Andrew Tridgell of the Samba Team and
   Wichert Akkerman of Debian for their assistance.
______________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE7N19t18sy83A/qfwRAkrDAJ0XEuggSg6DPlBUtQfJzWNyCh6P1ACcD6I9
bCPM87eldMP5hcbB7mQVl6E=
=yqhN
-----END PGP SIGNATURE-----


  By Date           By Thread  

Current thread:
  • Security Update: [CSSA-2001-024.0] OpenLinux: samba remote root problem Support Info (Jun 26)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault