Home page logo
/

bugtraq logo Bugtraq mailing list archives

Security Update: [CSSA-2001-018.1] OpenLinux: samba /tmp problems
From: Support Info <supinfo () caldera com>
Date: Wed, 27 Jun 2001 12:28:36 -0600

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________
                   Caldera International, Inc.  Security Advisory

Subject:                Linux - samba /tmp problems
Advisory number:        CSSA-2001-018.1
Issue date:             2001 May, 18
Last change:            2001 June, 26
Cross reference:        CSSA-2001-015.0
______________________________________________________________________________


1. Problem Description

   The previous Samba update fixed several places within the
   samba server code that allowed local attackers to gain root
   access.

   Unfortunately the patch used was slightly incorrect and did not
   fix the problem completely.

   The Samba 2.0.9 release fixes this problem, this security
   update backports it to our released Samba packages.

   This additional CSSA releases fixed packages for the OpenLinux
   3.1 series of products.


2. Vulnerable Versions

   System                       Package
   -----------------------------------------------------------
   OpenLinux 2.3                All packages previous to
                                samba-2.0.5-3

   OpenLinux eServer 2.3.1      All packages previous to
   and OpenLinux eBuilder       samba-2.0.5-3S

   OpenLinux eDesktop 2.4       All packages previous to
                                samba-2.0.6-4

   OpenLinux 3.1 Server         All packages previous to
                                samba-2.0.9-1      

   OpenLinux 3.1 Workstation    All packages previous to
                                samba-2.0.9-1

3. Solution

   Workaround

      none

   The proper solution is to upgrade to the latest packages.

4. OpenLinux 2.3

   4.1 Location of Fixed Packages

       The upgrade packages can be found on Caldera's FTP site at:

       ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/RPMS/

       The corresponding source code package can be found at:

       ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/SRPMS

   4.2 Verification

       6538311492da60de2fd81e4579c786af  RPMS/samba-2.0.5-3.i386.rpm
       098d66faee2cc1c50921f39dcd473aa2  RPMS/samba-doc-2.0.5-3.i386.rpm
       fd564ec85358666bcfb5b691bd86f416  RPMS/smbfs-2.0.5-3.i386.rpm
       111c64faf3524930b6c648beba2a7e62  RPMS/swat-2.0.5-3.i386.rpm
       8fb09b8512aee8d5164d5fa9abef8205  SRPMS/samba-2.0.5-3.src.rpm

   4.3 Installing Fixed Packages

       Upgrade the affected packages with the following commands:

          rpm -Fhv s*.i386.rpm

5. OpenLinux eServer 2.3.1 and OpenLinux eBuilder for ECential 3.0

   5.1 Location of Fixed Packages

       The upgrade packages can be found on Caldera's FTP site at:

       ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/RPMS/

       The corresponding source code package can be found at:

       ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/SRPMS

   5.2 Verification

       39cc6ebd5216649346a7091395aee135  RPMS/samba-2.0.5-3S.i386.rpm
       b4278e491326d4ce3a7b81d017872bce  RPMS/samba-doc-2.0.5-3S.i386.rpm
       d3b59dfa2a365a6c0a13d580164f8b58  RPMS/smbfs-2.0.5-3S.i386.rpm
       cef24c9d65a9365ccec3753828c5c945  RPMS/swat-2.0.5-3S.i386.rpm
       e35e8e614a4d5f597b5f9a764162778d  SRPMS/samba-2.0.5-3S.src.rpm

   5.3 Installing Fixed Packages

       Upgrade the affected packages with the following commands:

          rpm -Fvh s*i386.rpm

6. OpenLinux eDesktop 2.4

   6.1 Location of Fixed Packages

       The upgrade packages can be found on Caldera's FTP site at:

       ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/RPMS/

       The corresponding source code package can be found at:

       ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/SRPMS

   6.2 Verification

       1ff64fd57d531816037ac1c1d18b6abd  RPMS/samba-2.0.6-4.i386.rpm
       cdb3f575cbbc503699bf71e53354e382  RPMS/samba-doc-2.0.6-4.i386.rpm
       e7b7c7eb3b1ad3a80f45904607488eec  RPMS/smbfs-2.0.6-4.i386.rpm
       3d1b49c60f4359b0ee95dd5457f72ccf  RPMS/swat-2.0.6-4.i386.rpm
       b7ec58e0edc4217b2c8f19f3edb3de95  SRPMS/samba-2.0.6-4.src.rpm

   6.3 Installing Fixed Packages

       Upgrade the affected packages with the following commands:

       rpm -Fvh s*i386.rpm

7. OpenLinux 3.1 Server

   7.1 Location of Fixed Packages

       The upgrade packages can be found on Caldera's FTP site at:

       ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS/

       The corresponding source code package can be found at:

       ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/SRPMS

   7.2 Verification

       e7c8db2cc3bfae03b5aba9fc9df595b5  RPMS/samba-2.0.9-1.i386.rpm
       b2c321bc2662ed5a35738a8cbde612bd  RPMS/samba-doc-2.0.9-1.i386.rpm
       166ba51b4da417bda080ca8fbecf5fda  RPMS/smbfs-2.0.9-1.i386.rpm
       b3c5fd3f03c244b21942b2e4fb32f044  RPMS/swat-2.0.9-1.i386.rpm
       8cf2bd7ab81c83bb15808a9c58e7383c  SRPMS/samba-2.0.9-1.src.rpm

   7.3 Installing Fixed Packages

       Upgrade the affected packages with the following commands:

           rpm -Fvh s*i386.rpm

       or start kcupdate, the Caldera OpenLinux Update Manager 

8. OpenLinux 3.1 Workstation

   8.1 Location of Fixed Packages

       The upgrade packages can be found on Caldera's FTP site at:

       ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/RPMS/

       The corresponding source code package can be found at:

       ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/SRPMS

   8.2 Verification

       e7c8db2cc3bfae03b5aba9fc9df595b5  RPMS/samba-2.0.9-1.i386.rpm
       b2c321bc2662ed5a35738a8cbde612bd  RPMS/samba-doc-2.0.9-1.i386.rpm
       166ba51b4da417bda080ca8fbecf5fda  RPMS/smbfs-2.0.9-1.i386.rpm
       b3c5fd3f03c244b21942b2e4fb32f044  RPMS/swat-2.0.9-1.i386.rpm
       8cf2bd7ab81c83bb15808a9c58e7383c  SRPMS/samba-2.0.9-1.src.rpm

   8.3 Installing Fixed Packages

       Upgrade the affected packages with the following commands:

           rpm -Fvh s*i386.rpm

       or start kcupdate, the Caldera OpenLinux Update Manager 

9. References

   This and other Caldera security resources are located at:

   http://www.caldera.com/support/security/index.html

   This security fix closes Caldera's internal Problem Report 9736.

10.Disclaimer

   Caldera International, Inc. is not responsible for the misuse of
   any of the information we provide on this website and/or through our
   security advisories. Our advisories are a service to our customers
   intended to promote secure installation and use of Caldera International
   products.

11.Acknowledgements:

   Caldera International wishes to thank the Samba Team for spotting and
   fixing this problem.
______________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE7OFXk18sy83A/qfwRApNnAKCVsyfb//eq6psoPy/0JPKKozSRmQCeNu4b
u0BmR6q7JZESKe+NX6GzrSM=
=Z6vG
-----END PGP SIGNATURE-----



  By Date           By Thread  

Current thread:
  • Security Update: [CSSA-2001-018.1] OpenLinux: samba /tmp problems Support Info (Jun 27)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]