CVSS2 | 2.1 Low |
---|---|
Access Vector | LOCAL |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | PARTIAL |
Availability Impact | NONE |
Vector | AV:L/AC:L/Au:N/C:N/I:P/A:N |
EPSS | 0.0004 Low |
Percentile | 5.3% |
Samba handles temporary files insecurely, allowing arbitrary files to be overwritten and left in a state that would permit later modification.
Samba is an implementation of the Server Message Block (SMB) protocol. Some versions of Samba handle temporary files in an insecure manner that may allow local users to cause arbitrary files and devices to be overwritten. Because printer queue cache file names are easily predictable, a local user may create a symbolic link from such a name to any file or device, causing that target to be corrupted when a remote user accesses a printer. In addition, the file will be left with world-writable permissions, allowing any user to enter their own data.
By modifying arbitrary files, an attacker may gain elevated privileges. By corrupting files or devices, an attacker may cause denial of service.
Apply vendor patches; see the Systems Affected section below.
Deinstall the Samba package.
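The description above names three ingredients: a predictable file name, an open that follows a planted symbolic link, and world-writable permissions on the result. The C example below is added here for illustration and is not Samba's code; the function names, the `printer.cache` file name and the scratch directory are assumptions, and it contrasts that weak pattern with exclusive, owner-only creation.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak pattern: guessable name, open() follows a planted symlink, O_TRUNC
 * wipes the link target, and the file is left world-writable. */
int open_cache_unsafe(const char *path) {
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0666);
    if (fd >= 0 && fchmod(fd, 0666) != 0) { close(fd); return -1; }
    return fd;
}

/* Hardened: O_EXCL fails on any existing name (a symlink included),
 * O_NOFOLLOW is a second guard, and the mode is owner-only. */
int open_cache_safe(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Constructed scenario in a private scratch directory: "victim" stands in
 * for the file a symlink is aimed at. Returns the victim's size after the
 * chosen opener ran (or -1); *mode receives its permission bits. */
long run_scenario(int use_safe, mode_t *mode, int *open_errno) {
    char dir[] = "/tmp/vu670568.XXXXXX", victim[64], cache[64];
    struct stat st = {0};
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(cache, sizeof cache, "%s/printer.cache", dir); /* hypothetical */
    int v = open(victim, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (v < 0 || write(v, "important", 9) != 9) return -1;
    close(v);
    if (symlink(victim, cache) != 0) return -1;   /* pre-planted link */
    errno = 0;
    int fd = use_safe ? open_cache_safe(cache) : open_cache_unsafe(cache);
    *open_errno = errno;
    if (fd >= 0) close(fd);
    long size = stat(victim, &st) == 0 ? (long)st.st_size : -1;
    *mode = st.st_mode & 0777;
    unlink(cache); unlink(victim); rmdir(dir);
    return size;
}

int main(void) {
    mode_t m; int e;
    for (int s = 0; s <= 1; s++) {
        long n = run_scenario(s, &m, &e);
        printf("%s: victim size=%ld mode=%o\n", s ? "safe" : "unsafe", n, (unsigned)m);
    }
    return 0;
}
```

On Linux, the `fs.protected_symlinks` sysctl adds a kernel-level guard for sticky world-writable directories such as `/tmp`, but it does not replace exclusive creation and restrictive modes in the application.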
670568
Notified: April 19, 2001 Updated: August 01, 2001
Affected
<http://www.caldera.com/support/security/advisories/CSSA-2001-015.0.txt>
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23670568 Feedback>).
Notified: April 23, 2001 Updated: August 01, 2001
Affected
<http://www.linuxsecurity.com/advisories/other_advisory-1307.html>
<http://www.linuxsecurity.com/advisories/other_advisory-1362.html>
The vendor has not provided us with any further information regarding this vulnerability.
The second link above documents the Conectiva version that corrects this vulnerability.
Notified: April 23, 2001 Updated: August 01, 2001
Affected
<http://www.linuxsecurity.com/advisories/debian_advisory-1302.html>
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 23, 2001 Updated: August 21, 2001
Affected
<ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:36.samba.asc>
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 23, 2001 Updated: August 01, 2001
Affected
<http://www.linuxsecurity.com/advisories/mandrake_advisory-1319.html>
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 19, 2001 Updated: August 01, 2001
Affected
<http://www.linuxsecurity.com/advisories/other_advisory-1305.html>
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 05, 2001 Updated: August 21, 2001
Affected
<http://www.redhat.com/support/errata/RHSA-2001-086.html>
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: May 11, 2001 Updated: August 01, 2001
Affected
The recent Samba 2.0.8 security fix release did NOT fix the security hole in Samba 2.0.7. I have now released Samba 2.0.9 to fix this.
Many thanks to Marc Jacobsen from HP for pointing out the error, and apologies from the Samba Team for any inconvenience.
Note that the 2.2.0 release did fix the bug, so if you have installed that release then you can ignore this message.
The 2.0.9 release is available at
<ftp://ftp.samba.org/pub/samba/samba-2.0.9.tar.gz>
the patch is available at:
<ftp://ftp.samba.org/pub/samba/patches/samba-2.0.8-2.0.9.diffs.gz>
The 2.2.0 release is available at:
<ftp://ftp.samba.org/pub/samba/samba-2.2.0.tar.gz>
We do not plan on doing any more releases of Samba 2.0.x.
Distribution vendors have been notified about the error and will be doing new releases shortly.
- - - - - - - - - -
The bug was introduced into the CVS tree on June 27th 1997. That means all versions from (and including) 1.9.17alpha4 are vulnerable. Amazingly, the bug went undetected through several security audits by various companies over the last 4 years.
The impact of the bug varies a little between versions. In the 2.0.7 release the exploit is only easy (and perhaps only possible, but I won’t guarantee it) if you are exporting printer shares. In either case, we consider it a serious enough risk that all sites should upgrade as soon as possible, especially if you have untrusted users with shell accounts.
Note that the bug is not a race condition. Given the right conditions the exploit will be successful first time every time. (i.e. it is not a classic mktemp race)
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 18, 2001 Updated: September 17, 2001
Affected
<http://www.linuxsecurity.com/advisories/other_advisory-1298.html>
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
This vulnerability was first reported by Marcus Meissner of Caldera.
This document was last modified by Tim Shimeall.
CVE IDs: | CVE-2001-0406 |
---|---|
Severity Metric: | 13.36 |
Date Public: | |
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:36.samba.asc
www.caldera.com/support/security/advisories/CSSA-2001-015.0.txt
www.linuxsecurity.com/advisories/debian_advisory-1302.html
www.linuxsecurity.com/advisories/freebsd_advisory-1314.html
www.linuxsecurity.com/advisories/mandrake_advisory-1319.html
www.linuxsecurity.com/advisories/other_advisory-1298.html
www.linuxsecurity.com/advisories/other_advisory-1305.html
www.linuxsecurity.com/advisories/other_advisory-1307.html
www.linuxsecurity.com/advisories/other_advisory-1362.html
www.linuxsecurity.com/advisories/redhat_advisory-1369.html
www.redhat.com/support/errata/RHSA-2001-086.html
www.securityfocus.com/bid/2617