From tsl@trustix.com Wed Jun 27 19:59:50 2001
From: Trustix Secure Linux Advisor
To: tsl-announce@trustix.org
Cc: bugtraq@securityfocus.com, linux-security@lists.securityportal.com
Date: Wed, 27 Jun 2001 15:14:02 +0200
Subject: TSLSA-2001-0011 - Samba

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Trustix Secure Linux Security Advisory #2001-0011

Package name:      Samba
Severity:          Possible root exploit
Date:              2001-06-27
Affected versions: TSL 1.01, 1.1, 1.2
- --------------------------------------------------------------------------

Problem description:

From the Samba Advisory:

  A serious security hole has been discovered in all versions of Samba
  that allows an attacker to gain root access on the target machine for
  certain types of common Samba configuration. A remote attacker can use
  a netbios name containing unix path characters which will then be
  substituted into the %m macro wherever it occurs in smb.conf. This can
  be used to cause Samba to create a log file on top of an important
  system file, which in turn can be used to compromise security on the
  server.

Note that the default TSL configuration prevents this from being
exploited, but we feel that you should update nonetheless.

Action:
We recommend that all systems with this package installed are upgraded.

Location:
All TSL updates are available from

Automatic updates:
Users of the SWUP tool can enjoy having updates automatically installed
using 'swup --upgrade'. Note that kernel packages are not normally fit to
be upgraded this way and are therefore excluded in the default
configuration.

Get SWUP from:

Questions?
Check out our mailing lists:

Verification:
This advisory along with all TSL packages are signed with the TSL sign key.
This key is available from:

The advisory itself is available from the errata page at
or directly at

MD5sums of the packages:
- --------------------------------------------------------------------------
7aeb593ced521cdaa6c3c994c2867342  ./1.2/SRPMS/samba-2.0.10-1tr.src.rpm
2762fcc249b9ba26c9e1d8af61470c63  ./1.2/RPMS/samba-common-2.0.10-1tr.i586.rpm
9fecd414c6a7f8bad9dad887e57264ca  ./1.2/RPMS/samba-client-2.0.10-1tr.i586.rpm
81e93eb9c8117311a72e9873e68983fa  ./1.2/RPMS/samba-2.0.10-1tr.i586.rpm
7aeb593ced521cdaa6c3c994c2867342  ./1.1/SRPMS/samba-2.0.10-1tr.src.rpm
e47c87466c56db39cc83d0bd8d3ae562  ./1.1/RPMS/samba-common-2.0.10-1tr.i586.rpm
f0655a28deff40849653d21623eb0467  ./1.1/RPMS/samba-client-2.0.10-1tr.i586.rpm
54a66d71751d0d0347c984bf743f8db6  ./1.1/RPMS/samba-2.0.10-1tr.i586.rpm
- --------------------------------------------------------------------------
Trustix Security Team

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE7OcliwRTcg4BxxS0RAvHHAJ9MHGvkDSdB73geOiwyDYQYVsYKtACfc8cw
Z8cl/wivorqYDxiZqP1op6A=
=PRmt
-----END PGP SIGNATURE-----
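The problem description above says the exposure depends on the configuration: the client-supplied NetBIOS name is substituted for %m, so what matters is whether %m appears inside a parameter that names a filesystem path (such as "log file"). The following audit script is an added example, not code from Trustix or the Samba project. It parses an smb.conf fragment, flags path-valued parameters that embed %m, and shows why a name carrying path characters is dangerous by normalising the substituted path and checking whether it still lies inside the intended directory. The sample configuration, the list of path-valued parameters and the name filter are assumptions made for this example.

```python
import posixpath
import re

# Constructed sample smb.conf fragment (not a Trustix or Samba file): the
# "log file" line uses the client NetBIOS name macro %m inside a filesystem path.
SAMPLE_SMB_CONF = """
[global]
   workgroup = EXAMPLE
   ; comment line
   log file = /var/log/samba/log.%m
   max log size = 50

[homes]
   path = /home/%u
"""

# smb.conf parameters whose values are filesystem paths (assumed list for this audit).
PATH_PARAMS = {"log file", "path", "include", "lock directory", "pid directory"}


def parse_smb_conf(text):
    """Parse smb.conf text into (section, key, value) tuples; keys are lower-cased."""
    section = None
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).strip()
            continue
        if "=" in line:
            key, value = line.split("=", 1)
            entries.append((section, key.strip().lower(), value.strip()))
    return entries


def audit_smb_conf(text):
    """Return the path-valued parameters that embed %m, i.e. the client-controlled NetBIOS name."""
    return [e for e in parse_smb_conf(text) if e[1] in PATH_PARAMS and "%m" in e[2]]


def netbios_name_is_safe(name):
    """Conservative filter (assumed policy): NetBIOS names are at most 15 characters
    and have no business containing path separators, '..' or NUL."""
    return (len(name) <= 15 and "/" not in name and "\\" not in name
            and ".." not in name and "\0" not in name)


def escapes_directory(template, client_name):
    """Substitute client_name for %m in template and report whether the normalised
    result lands outside the directory the template names, i.e. whether the
    substitution turned a per-client log file name into a path somewhere else."""
    base_dir = posixpath.dirname(template)
    resolved = posixpath.normpath(template.replace("%m", client_name))
    return not resolved.startswith(base_dir.rstrip("/") + "/")


if __name__ == "__main__":
    for section, key, value in audit_smb_conf(SAMPLE_SMB_CONF):
        print(f"[{section}] {key} = {value}: %m is client-controlled; "
              f"use a fixed path or apply the Samba update")
```

A configuration that never uses %m in a path parameter has nothing for the audit to flag, which is the situation the advisory describes for the TSL default; the patched Samba packages are still the real fix, since the filtering above only illustrates the condition and does not change the daemon.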
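The MD5sums section lists a checksum and a mirror-relative path for each package. As an added example (not a Trustix tool), the script below parses a listing in that "md5 path" format, recomputes MD5 for each file under a mirror root and reports ok, mismatch or missing per package. The listing it verifies is constructed in a temporary directory with one intact file, one altered file and one absent file; the listing format and the mirror layout are assumptions for this example.

```python
import hashlib
import os
import tempfile


def parse_md5_list(text):
    """Parse 'md5hex  ./path' lines (as in the advisory) into {path: md5hex}; other lines are ignored."""
    sums = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 2 and len(parts[0]) == 32:
            sums[parts[1]] = parts[0].lower()
    return sums


def md5_of_file(path):
    """Stream the file through MD5 so large RPMs are not read into memory at once."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_packages(md5_list_text, base_dir):
    """Return {path: 'ok' | 'mismatch' | 'missing'} for every package in the listing, resolved against base_dir."""
    results = {}
    for rel, expected in parse_md5_list(md5_list_text).items():
        full = os.path.join(base_dir, rel)
        if not os.path.isfile(full):
            results[rel] = "missing"
        elif md5_of_file(full) != expected:
            results[rel] = "mismatch"
        else:
            results[rel] = "ok"
    return results


def demo():
    """Constructed mirror layout: one intact file, one altered file, one absent file."""
    with tempfile.TemporaryDirectory() as d:
        payload = b"constructed sample rpm payload\n"  # constructed, not a real package
        os.makedirs(os.path.join(d, "1.2/RPMS"))
        with open(os.path.join(d, "1.2/RPMS/good.rpm"), "wb") as f:
            f.write(payload)
        with open(os.path.join(d, "1.2/RPMS/tampered.rpm"), "wb") as f:
            f.write(payload + b"x")
        digest = hashlib.md5(payload).hexdigest()
        listing = (f"{digest}  ./1.2/RPMS/good.rpm\n"
                   f"{digest}  ./1.2/RPMS/tampered.rpm\n"
                   f"{'0' * 32}  ./1.2/RPMS/absent.rpm\n")
        return verify_packages(listing, d)


if __name__ == "__main__":
    for path, status in demo().items():
        print(f"{status:9} {path}")
```

The checksum list is only as trustworthy as the message that carries it, which is why the advisory is PGP-signed: verify the signature first, then run the checksums against the downloaded packages from the mirror root.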