Date: Tue, 26 Jun 2001 11:33:45 -0600
From: Support Info <[email protected]>
To: [email protected], [email protected],
Subject: Security Update: [CSSA-2001-024.0] OpenLinux: samba remote root problem
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
Caldera International, Inc. Security Advisory
Subject: OpenLinux: samba remote root problem
Advisory number: CSSA-2001-024.0
Issue date: 2001 June, 25
Cross reference:
______________________________________________________________________________
1. Problem Description
There is a file overwrite vulnerability in the log facilities
of the Samba filesharing package which can be used by a remote
attacker to overwrite system files and to gain root access.
This requires a specific logging entry to be set.
Caldera OpenLinux is not vulnerable to this problem in its default
configuration, because it does not include a default configuration
file for Samba and the sample configuration we ship has logging
commented out.
To check whether you are vulnerable to the problem, run
grep log.*%m /etc/samba.d/smb.conf
If it shows %m directly following a '/', as in:
log file = /var/log/samba.d/%m
you are vulnerable to the problem.
2. Solution
If your configuration of samba is affected by this vulnerability,
you can fix it using either of the following approaches:
Using the commandline, do as root:
- Edit /etc/samba.d/smb.conf and make sure the log file
statement reads like this:
log file = /var/log/samba.d/smb.%m
- /etc/rc.d/init.d/samba restart
Using SWAT:
- Open http://localhost:901/ in a web browser.
- Authenticate using the root account and password.
- Click on the 'Globals' button from the Top Menubar.
- Go to the 'log file' entry entry and change it to:
/var/log/samba.d/smb.%m
- Press the 'Commit Changes' button on top of the page.
Using Webmin:
- Open Webmin as described in the documentation.
- Select Servers->Samba Windows Filesharing
- Press the 'Miscellaneous Options' Button.
- Change the logfile entry to read
/var/log/samba.d/smb.%m
- Press the 'Save' button.
3. References
This and other Caldera security resources are located at:
http://www.caldera.com/support/security/index.html
This security fix closes Caldera's internal Problem Report 10136.
4. Disclaimer
Caldera International, Inc. is not responsible for the misuse of
any of the information we provide on this website and/or through our
security advisories. Our advisories are a service to our customers
intended to promote secure installation and use of Caldera OpenLinux.
Caldera wishes to thank Andrew Tridgell of the Samba Team and
Wichert Akkerman of Debian for their assistance.
______________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE7N19t18sy83A/qfwRAkrDAJ0XEuggSg6DPlBUtQfJzWNyCh6P1ACcD6I9
bCPM87eldMP5hcbB7mQVl6E=
=yqhN
-----END PGP SIGNATURE-----
