ALT Linux Team development discussions
 help / color / mirror / Atom feed
* [devel] [tridge@SAMBA.ORG: Samba 2.0.8 security fix]
@ 2001-04-18  9:57 Dmitry V. Levin
  2001-04-18 10:02 ` Alexander Bokovoy
  0 siblings, 1 reply; 6+ messages in thread
From: Dmitry V. Levin @ 2001-04-18  9:57 UTC (permalink / raw)
  To: devel

[-- Attachment #1: Type: text/plain, Size: 2083 bytes --]

----- Forwarded message from tridge@SAMBA.ORG -----

Date:         Tue, 17 Apr 2001 17:06:48 -0700
From: tridge@SAMBA.ORG
To: BUGTRAQ@SECURITYFOCUS.COM
Subject:      Samba 2.0.8 security fix
Reply-To: tridge@valinux.com

I've just released Samba 2.0.8. This release fixes a significant
security vulnerability that allows local users to corrupt local
devices (such as raw disks).

For most users the Samba Team recommends Samba 2.2.0 which has just
been released. Version 2.2.0 has all the security fixes plus many new
features and other bug fixes. Version 2.0.8 is meant for very
conservative sites that want a absolutely minimal security fix rather
than a large update.

The security hole was found by Marcus Meissner
(Marcus.Meissner@caldera.de) during a routine security audit of the
Samba source code. Many thanks to Marcus and Caldera for taking the
time to audit the code. The hole involved an incorrect usage of
temporary files and can be exploited by a local user with a shell
account on the Samba server to destroy data on a local device, such as
/dev/hda. The exploit is relatively easy to perform so all sites with
untrusted local users should update immediately to either version
2.0.8 or version 2.2.0.

The 2.0.8 release is available at
    ftp://ftp.samba.org/pub/samba/samba-2.0.8.tar.gz
the patch is available at:
    ftp://ftp.samba.org/pub/samba/patches/samba-2.0.7-2.0.8.diffs.gz

The 2.2.0 release is available at:
    ftp://ftp.samba.org/pub/samba/samba-2.2.0.tar.gz

We do not plan on doing any more releases of Samba 2.0.x.

Distribution vendors have been notified about the security fix and
will be doing new releases shortly.

Cheers, Tridge

----- End forwarded message -----

Regards,
	Dmitry

+-------------------------------------------------------------------------+
Dmitry V. Levin     mailto://ldv@alt-linux.org
ALT Linux Team      http://www.altlinux.ru/
Fandra Project      http://www.fandra.org/
+-------------------------------------------------------------------------+
UNIX is user friendly. It's just very selective about who its friends are.

[-- Attachment #2: Type: application/pgp-signature, Size: 232 bytes --]

^ permalink raw reply	[flat|nested] 6+ messages in thread
* Re: [devel] [tridge@SAMBA.ORG: Samba 2.0.8 security fix]
  2001-04-18  9:57 [devel] [tridge@SAMBA.ORG: Samba 2.0.8 security fix] Dmitry V. Levin
@ 2001-04-18 10:02 ` Alexander Bokovoy
  2001-04-18 10:31   ` Re[2]: " Igor Vodennikov
  0 siblings, 1 reply; 6+ messages in thread
From: Alexander Bokovoy @ 2001-04-18 10:02 UTC (permalink / raw)
  To: devel


Кто будет собирать? До нас диски, наконец-то, добрались и я надеюсь, что
Вадим приступит к сборке Samba 2.2.0 и OpenLDAP еще до выходных, эту версию (2.0.8)
желательно было бы собрать уже сейчас. И в updates.

On Wed, Apr 18, 2001 at 01:57:13PM +0400, Dmitry V. Levin wrote:
> ----- Forwarded message from tridge@SAMBA.ORG -----
> 
> Date:         Tue, 17 Apr 2001 17:06:48 -0700
> From: tridge@SAMBA.ORG
> To: BUGTRAQ@SECURITYFOCUS.COM
> Subject:      Samba 2.0.8 security fix
> Reply-To: tridge@valinux.com
> 
> I've just released Samba 2.0.8. This release fixes a significant
> security vulnerability that allows local users to corrupt local
> devices (such as raw disks).
> 
> For most users the Samba Team recommends Samba 2.2.0 which has just
> been released. Version 2.2.0 has all the security fixes plus many new
> features and other bug fixes. Version 2.0.8 is meant for very
> conservative sites that want a absolutely minimal security fix rather
> than a large update.
> 
> The security hole was found by Marcus Meissner
> (Marcus.Meissner@caldera.de) during a routine security audit of the
> Samba source code. Many thanks to Marcus and Caldera for taking the
> time to audit the code. The hole involved an incorrect usage of
> temporary files and can be exploited by a local user with a shell
> account on the Samba server to destroy data on a local device, such as
> /dev/hda. The exploit is relatively easy to perform so all sites with
> untrusted local users should update immediately to either version
> 2.0.8 or version 2.2.0.
> 
> The 2.0.8 release is available at
>     ftp://ftp.samba.org/pub/samba/samba-2.0.8.tar.gz
> the patch is available at:
>     ftp://ftp.samba.org/pub/samba/patches/samba-2.0.7-2.0.8.diffs.gz
> 
> The 2.2.0 release is available at:
>     ftp://ftp.samba.org/pub/samba/samba-2.2.0.tar.gz
> 
> We do not plan on doing any more releases of Samba 2.0.x.
> 
> Distribution vendors have been notified about the security fix and
> will be doing new releases shortly.
> 
> Cheers, Tridge
> 
> ----- End forwarded message -----
> 
> Regards,
> 	Dmitry
> 
> +-------------------------------------------------------------------------+
> Dmitry V. Levin     mailto://ldv@alt-linux.org
> ALT Linux Team      http://www.altlinux.ru/
> Fandra Project      http://www.fandra.org/
> +-------------------------------------------------------------------------+
> UNIX is user friendly. It's just very selective about who its friends are.



-- 
Sincerely yours, Alexander Bokovoy 
  The Midgard Project    | ALT  Linux  Team | Minsk Linux Users Group
 www.midgard-project.org | www.altlinux.ru  |    www.minsk-lug.net 
-- You won't skid if you stay in a rut.
		-- Frank Hubbard
_______________________________________________
Devel mailing list
Devel@linux.iplabs.ru
http://www.logic.ru/mailman/listinfo/devel


^ permalink raw reply	[flat|nested] 6+ messages in thread
* Re[2]: [devel] [tridge@SAMBA.ORG: Samba 2.0.8 security fix]
  2001-04-18 10:02 ` Alexander Bokovoy
@ 2001-04-18 10:31   ` Igor Vodennikov
  2001-04-19 13:16     ` Re[3]: " Igor Vodennikov
  0 siblings, 1 reply; 6+ messages in thread
From: Igor Vodennikov @ 2001-04-18 10:31 UTC (permalink / raw)
  To: Alexander Bokovoy

Hello Alexander,

Wednesday, April 18, 2001, 4:02:04 PM, you wrote:


AB> Кто будет собирать? До нас диски, наконец-то, добрались и я надеюсь, что
AB> Вадим приступит к сборке Samba 2.2.0 и OpenLDAP еще до выходных, эту версию (2.0.8)
AB> желательно было бы собрать уже сейчас. И в updates.

AB> On Wed, Apr 18, 2001 at 01:57:13PM +0400, Dmitry V. Levin wrote:
>> ----- Forwarded message from tridge@SAMBA.ORG -----
>> 
>> Date:         Tue, 17 Apr 2001 17:06:48 -0700
>> From: tridge@SAMBA.ORG
>> To: BUGTRAQ@SECURITYFOCUS.COM
>> Subject:      Samba 2.0.8 security fix
>> Reply-To: tridge@valinux.com
>> 
>> I've just released Samba 2.0.8. This release fixes a significant
>> security vulnerability that allows local users to corrupt local
>> devices (such as raw disks).
>> 
>> For most users the Samba Team recommends Samba 2.2.0 which has just
>> been released. Version 2.2.0 has all the security fixes plus many new
>> features and other bug fixes. Version 2.0.8 is meant for very
>> conservative sites that want a absolutely minimal security fix rather
>> than a large update.
>> 
>> The security hole was found by Marcus Meissner
>> (Marcus.Meissner@caldera.de) during a routine security audit of the
>> Samba source code. Many thanks to Marcus and Caldera for taking the
>> time to audit the code. The hole involved an incorrect usage of
>> temporary files and can be exploited by a local user with a shell
>> account on the Samba server to destroy data on a local device, such as
>> /dev/hda. The exploit is relatively easy to perform so all sites with
>> untrusted local users should update immediately to either version
>> 2.0.8 or version 2.2.0.
>> 
>> The 2.0.8 release is available at
>>     ftp://ftp.samba.org/pub/samba/samba-2.0.8.tar.gz
>> the patch is available at:
>>     ftp://ftp.samba.org/pub/samba/patches/samba-2.0.7-2.0.8.diffs.gz
>> 
>> The 2.2.0 release is available at:
>>     ftp://ftp.samba.org/pub/samba/samba-2.2.0.tar.gz
>> 
>> We do not plan on doing any more releases of Samba 2.0.x.
>> 
>> Distribution vendors have been notified about the security fix and
>> will be doing new releases shortly.
>> 
>> Cheers, Tridge
>> 
>> ----- End forwarded message -----
>> 
>> Regards,
>>       Dmitry
>> 
>> +-------------------------------------------------------------------------+
>> Dmitry V. Levin     mailto://ldv@alt-linux.org
>> ALT Linux Team      http://www.altlinux.ru/
>> Fandra Project      http://www.fandra.org/
>> +-------------------------------------------------------------------------+
>> UNIX is user friendly. It's just very selective about who its friends are.

Ну, вопрос коэчно инэрестный, но самба из дисрибута и так толком не
работает... вы меня извините,я опять пьян, но вчера как я не
парился,так меня самба с опциями security = user (or domain) и
encryrt password = yes, так и не пускала, критча в логах  бад раасворд
юзер реджеу\ктед, и зачем-то пыталась лезти в /root/temp/ но
облаламась... самосорбанная  из сорцев 2.2.0alpha3 тоже криит на бад
парол.  я думаю касяк pam.

Кстати mgetty из дистрибута не может писать лои в /var/log/ngetty
я вправил src.rpm, но если че то патч завтра, хотя там вроде не сложно
разобратся.

pppd\-2.4.0 при убирании патча wtmp не удаляет при выходе оттуда имна
юзеров. Пришлось ставить 2.3.11 без ентого патча.

kisocd-0.6.2 собран с поддержкой старого mkisofs (вроде
cdrecord=version в какм-то *.h), щаз езь kisocd-0.6.4, если интересно
- патчи и .spec завтра...





Best regards,
 Igor                            mailto:igor@ikar.zaural.ru


_______________________________________________
Devel mailing list
Devel@linux.iplabs.ru
http://www.logic.ru/mailman/listinfo/devel


^ permalink raw reply	[flat|nested] 6+ messages in thread
* Re[3]: [devel] [tridge@SAMBA.ORG: Samba 2.0.8 security fix]
  2001-04-18 10:31   ` Re[2]: " Igor Vodennikov
@ 2001-04-19 13:16     ` Igor Vodennikov
  2001-04-19 13:50       ` Aleksey Novodvorsky
  0 siblings, 1 reply; 6+ messages in thread
From: Igor Vodennikov @ 2001-04-19 13:16 UTC (permalink / raw)
  To: Igor Vodennikov

Hello Igor,

Wednesday, April 18, 2001, 4:31:17 PM, you wrote:


IV> Ну, вопрос коэчно инэрестный, но самба из дисрибута и так толком не
IV> работает... вы меня извините,я опять пьян, но вчера как я не
IV> парился,так меня самба с опциями security = user (or domain) и
IV> encryrt password = yes, так и не пускала, критча в логах  бад раасворд
IV> юзер реджеу\ктед, и зачем-то пыталась лезти в /root/temp/ но
IV> облаламась... самосорбанная  из сорцев 2.2.0alpha3 тоже криит на бад
IV> парол.  я думаю касяк pam.

Надо прописать в /etc/rc.d/init.d/smb
export TMPDIR=/tmp

и все будет пучком, а то она в логи писала
Can't change directory to /root/tmp (Permission denied)

Правда у меня сейчас самба 2.2.0, но все также было и на 2.0.7

Best regards,
 Igor                            mailto:igor@ikar.zaural.ru


_______________________________________________
Devel mailing list
Devel@linux.iplabs.ru
http://www.logic.ru/mailman/listinfo/devel


^ permalink raw reply	[flat|nested] 6+ messages in thread
* Re: Re[3]: [devel] [tridge@SAMBA.ORG: Samba 2.0.8 security fix]
  2001-04-19 13:16     ` Re[3]: " Igor Vodennikov
@ 2001-04-19 13:50       ` Aleksey Novodvorsky
  2001-04-20 19:07         ` Alexey Voinov
  0 siblings, 1 reply; 6+ messages in thread
From: Aleksey Novodvorsky @ 2001-04-19 13:50 UTC (permalink / raw)
  To: devel

On Thu, 19 Apr 2001 19:16:32 +0600
Igor Vodennikov <igor@ikar.zaural.ru> wrote:

> Hello Igor,
> 
> Wednesday, April 18, 2001, 4:31:17 PM, you wrote:
> 
> 
> IV> Ну, вопрос коэчно инэрестный, но самба из дисрибута и
> так толком не
> IV> работает... вы меня извините,я опять пьян, но вчера
> как я не
> IV> парился,так меня самба с опциями security = user (or
> domain) и
> IV> encryrt password = yes, так и не пускала, критча в
> логах  бад раасворд
> IV> юзер реджеу\ктед, и зачем-то пыталась лезти в
> /root/temp/ но
> IV> облаламась... самосорбанная  из сорцев 2.2.0alpha3
> тоже криит на бад
> IV> парол.  я думаю касяк pam.
> 
> Надо прописать в /etc/rc.d/init.d/smb
> export TMPDIR=/tmp
> 
> и все будет пучком, а то она в логи писала
> Can't change directory to /root/tmp (Permission denied)
> 
> Правда у меня сейчас самба 2.2.0, но все также было и на
> 2.0.7
> 
В 2.0.8, которая будет завтра утром, так и будет, а в 2.2.0
сделаем "как надо", то есть со своим tmp-каталогом.

Rgrds, AEN
_______________________________________________
Devel mailing list
Devel@linux.iplabs.ru
http://www.logic.ru/mailman/listinfo/devel


^ permalink raw reply	[flat|nested] 6+ messages in thread
* Re: Re[3]: [devel] [tridge@SAMBA.ORG: Samba 2.0.8 security fix]
  2001-04-19 13:50       ` Aleksey Novodvorsky
@ 2001-04-20 19:07         ` Alexey Voinov
  0 siblings, 0 replies; 6+ messages in thread
From: Alexey Voinov @ 2001-04-20 19:07 UTC (permalink / raw)
  To: devel

Aleksey Novodvorsky wrote:
> > 
> > и все будет пучком, а то она в логи писала
> > Can't change directory to /root/tmp (Permission denied)
> > 
> > Правда у меня сейчас самба 2.2.0, но все также было и на
> > 2.0.7
> > 
> В 2.0.8, которая будет завтра утром, так и будет, а в 2.2.0
> сделаем "как надо", то есть со своим tmp-каталогом.
Кстати, насчет samba.
И в 2.0.7-ipl22mdk и в 2.0.8-alt1 есть привязка к наличию в системе inetd.
У меня во время обновленя не было и удаление не прошло с громкими
криками о том что нет файла /etc/inetd.conf.

Судя по тому, что удалилась samba только после указания --notriggers
неправильность здесь:

%triggerpostun -- samba < 2.0.5a-3, samba >= 2.0.0
if [ $1 != 0 ]; then
	[ ! -d /var/lock/samba ] && mkdir -m 0755 /var/lock/samba
        	[ ! -d /var/spool/samba ] && mkdir -m 1777 /var/spool/samba
        	chmod 644 /etc/services /etc/inetd.conf
fi
		    
Если установит inetd, то все отлично работает.

-- 
Best Regards!
Alexey Voinov

voins@voins.program.ru
voins@online.ru
_______________________________________________
Devel mailing list
Devel@linux.iplabs.ru
http://www.logic.ru/mailman/listinfo/devel


^ permalink raw reply	[flat|nested] 6+ messages in thread
end of thread, other threads:[~2001-04-20 19:07 UTC | newest]

Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2001-04-18  9:57 [devel] [tridge@SAMBA.ORG: Samba 2.0.8 security fix] Dmitry V. Levin
2001-04-18 10:02 ` Alexander Bokovoy
2001-04-18 10:31   ` Re[2]: " Igor Vodennikov
2001-04-19 13:16     ` Re[3]: " Igor Vodennikov
2001-04-19 13:50       ` Aleksey Novodvorsky
2001-04-20 19:07         ` Alexey Voinov

ALT Linux Team development discussions

This inbox may be cloned and mirrored by anyone:

	git clone --mirror http://lore.altlinux.org/devel/0 devel/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 devel devel/ http://lore.altlinux.org/devel \
		devel@altlinux.org devel@altlinux.ru devel@lists.altlinux.org devel@lists.altlinux.ru devel@linux.iplabs.ru mandrake-russian@linuxteam.iplabs.ru sisyphus@linuxteam.iplabs.ru
	public-inbox-index devel

Example config snippet for mirrors.
Newsgroup available over NNTP:
	nntp://lore.altlinux.org/org.altlinux.lists.devel


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git