From mboxrd@z Thu Jan 1 00:00:00 1970
From: Igor Vodennikov
Organization: JSC "Ikar"
Message-ID: <17522662126.20010418163117@ikar.zaural.ru>
To: Alexander Bokovoy
Subject: Re[2]: [devel] [tridge@SAMBA.ORG: Samba 2.0.8 security fix]
In-Reply-To: <20010418130204.E2486@boids.avilink.net>
References: <20010418135713.B27324@ldv.office.alt-linux.org> <20010418130204.E2486@boids.avilink.net>
List-Id: IPLabs Linux Team Developers mailing list
Date: Wed, 18 Apr 2001 16:31:17 +0600

Hello Alexander,

Wednesday, April 18, 2001, 4:02:04 PM, you wrote:

AB> Who is going to build it? The disks have finally reached us, and I hope that
AB> Vadim will start building Samba 2.2.0 and OpenLDAP before the weekend; this version (2.0.8)
AB> should preferably be built right now. And put into updates.

AB> On Wed, Apr 18, 2001 at 01:57:13PM +0400, Dmitry V. Levin wrote:
>> ----- Forwarded message from tridge@SAMBA.ORG -----
>>
>> Date: Tue, 17 Apr 2001 17:06:48 -0700
>> From: tridge@SAMBA.ORG
>> To: BUGTRAQ@SECURITYFOCUS.COM
>> Subject: Samba 2.0.8 security fix
>> Reply-To: tridge@valinux.com
>>
>> I've just released Samba 2.0.8. This release fixes a significant
>> security vulnerability that allows local users to corrupt local
>> devices (such as raw disks).
>>
>> For most users the Samba Team recommends Samba 2.2.0 which has just
>> been released. Version 2.2.0 has all the security fixes plus many new
>> features and other bug fixes. Version 2.0.8 is meant for very
>> conservative sites that want an absolutely minimal security fix rather
>> than a large update.
>>
>> The security hole was found by Marcus Meissner
>> (Marcus.Meissner@caldera.de) during a routine security audit of the
>> Samba source code. Many thanks to Marcus and Caldera for taking the
>> time to audit the code. The hole involved an incorrect usage of
>> temporary files and can be exploited by a local user with a shell
>> account on the Samba server to destroy data on a local device, such as
>> /dev/hda. The exploit is relatively easy to perform so all sites with
>> untrusted local users should update immediately to either version
>> 2.0.8 or version 2.2.0.
>>
>> The 2.0.8 release is available at
>> ftp://ftp.samba.org/pub/samba/samba-2.0.8.tar.gz
>> the patch is available at:
>> ftp://ftp.samba.org/pub/samba/patches/samba-2.0.7-2.0.8.diffs.gz
>>
>> The 2.2.0 release is available at:
>> ftp://ftp.samba.org/pub/samba/samba-2.2.0.tar.gz
>>
>> We do not plan on doing any more releases of Samba 2.0.x.
>>
>> Distribution vendors have been notified about the security fix and
>> will be doing new releases shortly.
>>
>> Cheers, Tridge
>>
>> ----- End forwarded message -----
>>
>> Regards,
>> Dmitry
>>
>> +-------------------------------------------------------------------------+
>> Dmitry V. Levin mailto://ldv@alt-linux.org
>> ALT Linux Team http://www.altlinux.ru/
>> Fandra Project http://www.fandra.org/
>> +-------------------------------------------------------------------------+
>> UNIX is user friendly. It's just very selective about who its friends are.

Well, the question is certainly interesting, but the Samba from the distribution doesn't really work anyway... Excuse me, I'm drunk again, but yesterday, no matter how hard I tried, Samba with the options security = user (or domain) and encrypt password = yes still wouldn't let me in, shouting "bad password user rejected" in the logs, and for some reason it tried to get into /root/temp/ but failed... A 2.2.0alpha3 that I built myself from sources also complains about a bad password. I think it is a PAM bug.

By the way, mgetty from the distribution cannot write logs to /var/log/ngetty. I fixed the src.rpm, and if needed the patch will come tomorrow, although it does not seem hard to figure out there.

With the wtmp patch removed, pppd-2.4.0 does not remove user names from there on exit. I had to install 2.3.11 without this patch.

kisocd-0.6.2 is built with support for the old mkisofs (something like cdrecord=version in some *.h); there is now kisocd-0.6.4. If you are interested, patches and .spec tomorrow...

Best regards,
Igor mailto:igor@ikar.zaural.ru

_______________________________________________
Devel mailing list
Devel@linux.iplabs.ru
http://www.logic.ru/mailman/listinfo/devel