Samba 2.0.8 security fix

2001-04-18T00:00:00
ID SECURITYVULNS:DOC:1524
Type securityvulns
Reporter Securityvulns
Modified 2001-04-18T00:00:00

Description

I've just released Samba 2.0.8. This release fixes a significant security vulnerability that allows local users to corrupt local devices (such as raw disks).

For most users the Samba Team recommends Samba 2.2.0 which has just been released. Version 2.2.0 has all the security fixes plus many new features and other bug fixes. Version 2.0.8 is meant for very conservative sites that want a absolutely minimal security fix rather than a large update.

The security hole was found by Marcus Meissner (Marcus.Meissner@caldera.de) during a routine security audit of the Samba source code. Many thanks to Marcus and Caldera for taking the time to audit the code. The hole involved an incorrect usage of temporary files and can be exploited by a local user with a shell account on the Samba server to destroy data on a local device, such as /dev/hda. The exploit is relatively easy to perform so all sites with untrusted local users should update immediately to either version 2.0.8 or version 2.2.0.

The 2.0.8 release is available at ftp://ftp.samba.org/pub/samba/samba-2.0.8.tar.gz the patch is available at: ftp://ftp.samba.org/pub/samba/patches/samba-2.0.7-2.0.8.diffs.gz

The 2.2.0 release is available at: ftp://ftp.samba.org/pub/samba/samba-2.2.0.tar.gz

We do not plan on doing any more releases of Samba 2.0.x.

Distribution vendors have been notified about the security fix and will be doing new releases shortly.

Cheers, Tridge