Debians sikkerhedsbulletin

DSA-048-3 samba -- symlink-angreb

Rapporteret den:

9. maj 2001

Berørte pakker:

samba

Sårbar:

Referencer i sikkerhedsdatabaser:

I Bugtraq-databasen (hos SecurityFocus): BugTraq-id 2617.
I Mitres CVE-ordbog: CVE-2001-0406.

Yderligere oplysninger:

Marcus Meissner opdagede at Samba to steder ikke oprettede midlertidige filer på en sikker måde:

når en fjernbruger kiggede på printerkøen, oprettede Samba en midlertidig fil som kø-oplysningerne blev skrevet til. Dette blev gjort med et forudsigeligt filnavn, og usikkert, hvilket gjorde det muligt for en lokal bruger at snyde Samba til at overskrive tilfældige filer.
kommandoerne "more" og "mput" i smbclient oprettede også midlertidige filer på en usikker måde i /tmp.

Begge problemer er blevet rettet i version 2.0.7-3.2 og vi anbefaler at du omgående opgraderer din Samba-pakke. (Dette problem er også rettet i Samba version 2.2-koden.)

Bemærk: DSA-048-1 indeholdt en fejlagtigt kompileret Sparc-pakke, som den anden udgave rettede.

Den tredie udgave af dette bulletin blev skrevet fordi Marc Jacobsen fra HP opdatede at sikkerhedsrettelserne fra Samba 2.0.8 ikke fuldstændigt rettede /tmp-symlink-angrebet. Samba-teamet frigav version 2.0.9 for at rette det, og disse rettelser er blevet føjet til version 2.0.7-3.3 af Debians Samba-pakke.

Rettet i:

Debian GNU/Linux 2.2 (potato)

Kildekode:: http://security.debian.org/dists/stable/updates/main/source/samba_2.0.7-3.3.diff.gz; http://security.debian.org/dists/stable/updates/main/source/samba_2.0.7-3.3.dsc; http://security.debian.org/dists/stable/updates/main/source/samba_2.0.7.orig.tar.gz
Arkitekturuafhængig komponent:: http://security.debian.org/dists/stable/updates/main/binary-all/samba-doc_2.0.7-3.3_all.deb
Alpha:: http://security.debian.org/dists/stable/updates/main/binary-alpha/samba-common_2.0.7-3.3_alpha.deb; http://security.debian.org/dists/stable/updates/main/binary-alpha/samba_2.0.7-3.3_alpha.deb; http://security.debian.org/dists/stable/updates/main/binary-alpha/smbclient_2.0.7-3.3_alpha.deb; http://security.debian.org/dists/stable/updates/main/binary-alpha/smbfs_2.0.7-3.3_alpha.deb; http://security.debian.org/dists/stable/updates/main/binary-alpha/swat_2.0.7-3.3_alpha.deb
ARM:: http://security.debian.org/dists/stable/updates/main/binary-arm/samba-common_2.0.7-3.3_arm.deb; http://security.debian.org/dists/stable/updates/main/binary-arm/samba_2.0.7-3.3_arm.deb; http://security.debian.org/dists/stable/updates/main/binary-arm/smbclient_2.0.7-3.3_arm.deb; http://security.debian.org/dists/stable/updates/main/binary-arm/smbfs_2.0.7-3.3_arm.deb; http://security.debian.org/dists/stable/updates/main/binary-arm/swat_2.0.7-3.3_arm.deb
Intel IA-32:: http://security.debian.org/dists/stable/updates/main/binary-i386/samba-common_2.0.7-3.3_i386.deb; http://security.debian.org/dists/stable/updates/main/binary-i386/samba_2.0.7-3.3_i386.deb; http://security.debian.org/dists/stable/updates/main/binary-i386/smbclient_2.0.7-3.3_i386.deb; http://security.debian.org/dists/stable/updates/main/binary-i386/smbfs_2.0.7-3.3_i386.deb; http://security.debian.org/dists/stable/updates/main/binary-i386/swat_2.0.7-3.3_i386.deb
Motorola 680x0:: http://security.debian.org/dists/stable/updates/main/binary-m68k/samba-common_2.0.7-3.3_m68k.deb; http://security.debian.org/dists/stable/updates/main/binary-m68k/samba_2.0.7-3.3_m68k.deb; http://security.debian.org/dists/stable/updates/main/binary-m68k/smbclient_2.0.7-3.3_m68k.deb; http://security.debian.org/dists/stable/updates/main/binary-m68k/smbfs_2.0.7-3.3_m68k.deb; http://security.debian.org/dists/stable/updates/main/binary-m68k/swat_2.0.7-3.3_m68k.deb
PowerPC:: http://security.debian.org/dists/stable/updates/main/binary-powerpc/samba-common_2.0.7-3.3_powerpc.deb; http://security.debian.org/dists/stable/updates/main/binary-powerpc/samba_2.0.7-3.3_powerpc.deb; http://security.debian.org/dists/stable/updates/main/binary-powerpc/smbclient_2.0.7-3.3_powerpc.deb; http://security.debian.org/dists/stable/updates/main/binary-powerpc/smbfs_2.0.7-3.3_powerpc.deb; http://security.debian.org/dists/stable/updates/main/binary-powerpc/swat_2.0.7-3.3_powerpc.deb
Sun Sparc:: http://security.debian.org/dists/stable/updates/main/binary-sparc/samba-common_2.0.7-3.3_sparc.deb; http://security.debian.org/dists/stable/updates/main/binary-sparc/samba_2.0.7-3.3_sparc.deb; http://security.debian.org/dists/stable/updates/main/binary-sparc/smbclient_2.0.7-3.3_sparc.deb; http://security.debian.org/dists/stable/updates/main/binary-sparc/smbfs_2.0.7-3.3_sparc.deb; http://security.debian.org/dists/stable/updates/main/binary-sparc/swat_2.0.7-3.3_sparc.deb