6676880 2001-06-26 17:48 -0700 /90 lines/ Immunix Security Team <security@wirex.com>
Sent by: joel@lysator.liu.se
Imported: 2001-06-27 21:31 by Brevbäraren
External recipient: bugtraq@securityfocus.com
Recipient: Bugtraq (import) <17635>
Subject: samba update -- Immunix OS 6.2, 7.0-beta, 7.0
------------------------------------------------------------
-----------------------------------------------------------------------
                        Immunix OS Security Advisory

Packages updated:       samba, samba-client, samba-common
Affected products:      Immunix OS 6.2, 7.0-beta, and 7.0
Bugs fixed:             immunix/1649
Date:                   Tue Jun 26 2001
Advisory ID:            IMNX-2001-70-027-01
Author:                 Seth Arnold <sarnold@wirex.com>
-----------------------------------------------------------------------

Description:
  Michal Zalewski has found a weakness in the Samba suite of SMB protocol
  (Windows and LAN Manager file and printer sharing) programs that allows
  local and remote users to append to files writable by root, as long as
  the path relative to /var/log/samba is no more than 15 characters long.
  The easiest way to reach arbitrary files is through a symbolic link in
  /tmp; this attack is stopped on Immunix 7.0 (and on 6.2 with our kernel
  updates) because those kernels include Solar Designer's Openwall patch,
  which refuses to follow symlinks in world-writable sticky directories
  such as /tmp. However, users with sufficiently short usernames could use
  their own home directories for the symlinks instead.

  Until you upgrade, the problem can be mitigated by removing all
  references to %m from the Samba configuration file, /etc/samba/smb.conf.
  We suggest upgrading immediately.

  Thanks to Michal Zalewski for finding this problem, and thanks to the
  Samba team for their rapid response.
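The interim mitigation above is to remove every %m reference from smb.conf. The following script is an added example, not part of the Immunix advisory and not Samba code. It does two things: it lists every active (non-comment) smb.conf parameter whose value expands %m, and it models the path risk by expanding a %m-bearing log path with a client-supplied name and checking whether the result still resolves inside /var/log/samba. The advisory does not state how the client-supplied value reaches the path, so the containment check assumes (from the advisory's references) that the value may carry path separators and is bounded by the 15-character limit mentioned above. The sample smb.conf, the log-path template and the client names are constructed test inputs.

```python
"""Added example (not from the Immunix advisory or Samba's own code)."""
import posixpath
import re

MAX_NETBIOS_NAME = 15  # the 15-character bound the advisory mentions

# Constructed sample smb.conf (not a real host's configuration).
SAMPLE_SMB_CONF = """\
[global]
   workgroup = EXAMPLE
   log file = /var/log/samba/log.%m
   ; log file = /var/log/samba/log.%I   (commented out, must be ignored)
   # include = /etc/samba/smb.conf.%m   (commented out, must be ignored)
   max log size = 50

[homes]
   comment = Home Directories
   browseable = no
   writable = yes
"""

# "parameter = value"; smb.conf parameter names may contain spaces.
_PARAM_RE = re.compile(r"^\s*([^=;#\[]+?)\s*=\s*(.*?)\s*$")


def find_m_macro_refs(conf_text):
    """Return (line_number, parameter, value) for every active parameter
    whose value contains the %m macro.  Lines beginning with ';' or '#'
    are smb.conf comments and are skipped, as are section headers."""
    hits = []
    for lineno, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line[0] in ";#[":
            continue
        m = _PARAM_RE.match(line)
        if m and "%m" in m.group(2):
            hits.append((lineno, m.group(1).lower(), m.group(2)))
    return hits


def expand_m(template, client_name):
    """Substitute %m with the client-supplied name, as smb.conf macro
    expansion does (assumed model of the expansion, kept deliberately plain)."""
    return template.replace("%m", client_name)


def macro_path_is_contained(template, client_name, log_dir="/var/log/samba"):
    """True only if the expanded path still resolves under log_dir.
    Names longer than the NetBIOS limit are rejected outright, which is
    the length bound the advisory describes."""
    if len(client_name) > MAX_NETBIOS_NAME:
        return False
    expanded = posixpath.normpath(expand_m(template, client_name))
    base = log_dir.rstrip("/")
    return expanded == base or expanded.startswith(base + "/")


def safe_m_value(client_name):
    """Hardened acceptance rule for a value that will be spliced into a
    path: non-empty, within the length limit, and free of path separators
    and '..' components."""
    return (0 < len(client_name) <= MAX_NETBIOS_NAME
            and "/" not in client_name
            and "\\" not in client_name
            and ".." not in client_name)


if __name__ == "__main__":
    for lineno, param, value in find_m_macro_refs(SAMPLE_SMB_CONF):
        print(f"smb.conf:{lineno}: '{param}' expands %m -> {value}")
    # Constructed template and client names; the second name is a generic
    # traversal string used only to show what the checks reject.
    template = "/var/log/samba/%m.log"
    for name in ("WORKSTATION1", "../../tmp/x"):
        print(f"{name!r}: contained={macro_path_is_contained(template, name)} "
              f"safe={safe_m_value(name)}")
```

Run the first function against a real smb.conf to get the list of lines the advisory's mitigation asks you to edit; the containment check is the property a fixed build must preserve for any client-supplied value, and safe_m_value is the input rule to enforce if you ever splice an attacker-controlled macro into a filesystem path yourself.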
References:
  http://us1.samba.org/samba/whatsnew/macroexploit.html
  http://www.securityfocus.com/archive/1/193027
  http://www.securityfocus.com/archive/1/193501

Package names and locations:
  Precompiled binary packages for Immunix 6.2 are available at:
    http://download.immunix.org/ImmunixOS/6.2/updates/RPMS/samba-2.0.10-1_StackGuard_1.i386.rpm
    http://download.immunix.org/ImmunixOS/6.2/updates/RPMS/samba-client-2.0.10-1_StackGuard_1.i386.rpm
    http://download.immunix.org/ImmunixOS/6.2/updates/RPMS/samba-common-2.0.10-1_StackGuard_1.i386.rpm

  Source packages for Immunix 6.2 are available at:
    http://download.immunix.org/ImmunixOS/6.2/updates/SRPMS/samba-2.0.10-1_StackGuard_1.src.rpm

  Precompiled binary packages for Immunix 7.0-beta and 7.0 are available at:
    http://download.immunix.org/ImmunixOS/7.0/updates/RPMS/samba-2.0.10-1_imnx_1.i386.rpm
    http://download.immunix.org/ImmunixOS/7.0/updates/RPMS/samba-client-2.0.10-1_imnx_1.i386.rpm
    http://download.immunix.org/ImmunixOS/7.0/updates/RPMS/samba-common-2.0.10-1_imnx_1.i386.rpm

  Source package for Immunix 7.0-beta and 7.0 is available at:
    http://download.immunix.org/ImmunixOS/7.0/updates/SRPMS/samba-2.0.10-1_imnx_1.src.rpm

Immunix OS 6.2 md5sums:
  da6b34ebc720c502eaf66a9b36ee12c4  RPMS/samba-2.0.10-1_StackGuard_1.i386.rpm
  09c1252a93695157ee01574b668d34fc  RPMS/samba-client-2.0.10-1_StackGuard_1.i386.rpm
  e097092969435a751c038c4fd6ceb81b  RPMS/samba-common-2.0.10-1_StackGuard_1.i386.rpm
  627fa90d8de54f3c57d45621101c25cc  SRPMS/samba-2.0.10-1_StackGuard_1.src.rpm

Immunix OS 7.0 md5sums:
  1037179f0e7c33ade98d502e073922f7  RPMS/samba-2.0.10-1_imnx_1.i386.rpm
  66a119a79bea0b44ff99556ecd94eceb  RPMS/samba-client-2.0.10-1_imnx_1.i386.rpm
  285625cf5281cbb01d6f885bc54f493f  RPMS/samba-common-2.0.10-1_imnx_1.i386.rpm
  080ea9972bde36576adf780df5c314a0  SRPMS/samba-2.0.10-1_imnx_1.src.rpm

GPG verification:
  Our public key is available at <http://wirex.com/security/GPG_KEY>.
  *** NOTE *** This key is different from the one used in advisories
  IMNX-2001-70-020-01 and earlier.

Online version of all Immunix 6.2 updates and advisories:
  http://immunix.org/ImmunixOS/6.2/updates/
Online version of all Immunix 7.0-beta updates and advisories:
  http://immunix.org/ImmunixOS/7.0-beta/updates/
Online version of all Immunix 7.0 updates and advisories:
  http://immunix.org/ImmunixOS/7.0/updates/

NOTE: Ibiblio is graciously mirroring our updates, so if the links above
are slow, please try:
  ftp://ftp.ibiblio.org/pub/Linux/distributions/immunix/
or one of the many mirrors available at:
  http://www.ibiblio.org/pub/Linux/MIRRORS.html

Contact information:
  To report vulnerabilities, please contact security@wirex.com. WireX
  attempts to conform to the RFP vulnerability disclosure protocol
  <http://www.wiretrip.net/rfp/policy.html>.
(6676880) /Immunix Security Team <security@wirex.com>/(Reflowed)
Attachment (application/pgp-signature) in text 6676881

6676881 2001-06-26 17:48 -0700 /10 lines/ Immunix Security Team <security@wirex.com>
Imported: 2001-06-27 21:31 by Brevbäraren
External recipient: bugtraq@securityfocus.com
Recipient: Bugtraq (import) <17636>
Attachment (text/plain) to text 6676880
Subject: Attachment to: samba update -- Immunix OS 6.2, 7.0-beta, 7.0
------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAjs5LUsACgkQVQcWL60UVMtRawCcCg/VOnBg8rh1GXyuPbdp1ZzY
5fsAnjkNLJUJDGFYRq8S1ULqHOmR9i0m
=CxUM
-----END PGP SIGNATURE-----
(6676881) /Immunix Security Team <security@wirex.com>/