ALT Linux Team development discussions
 help / color / mirror / Atom feed
From: Igor Vodennikov <igor@ikar.zaural.ru>
To: Alexander Bokovoy <devel@linux.iplabs.ru>
Subject: Re[2]: [devel] [tridge@SAMBA.ORG: Samba 2.0.8 security fix]
Date: Wed, 18 Apr 2001 16:31:17 +0600
Message-ID: <17522662126.20010418163117@ikar.zaural.ru> (raw)
In-Reply-To: <20010418130204.E2486@boids.avilink.net>

Hello Alexander,

Wednesday, April 18, 2001, 4:02:04 PM, you wrote:


AB> Кто будет собирать? До нас диски, наконец-то, добрались и я надеюсь, что
AB> Вадим приступит к сборке Samba 2.2.0 и OpenLDAP еще до выходных, эту версию (2.0.8)
AB> желательно было бы собрать уже сейчас. И в updates.

AB> On Wed, Apr 18, 2001 at 01:57:13PM +0400, Dmitry V. Levin wrote:
>> ----- Forwarded message from tridge@SAMBA.ORG -----
>> 
>> Date:         Tue, 17 Apr 2001 17:06:48 -0700
>> From: tridge@SAMBA.ORG
>> To: BUGTRAQ@SECURITYFOCUS.COM
>> Subject:      Samba 2.0.8 security fix
>> Reply-To: tridge@valinux.com
>> 
>> I've just released Samba 2.0.8. This release fixes a significant
>> security vulnerability that allows local users to corrupt local
>> devices (such as raw disks).
>> 
>> For most users the Samba Team recommends Samba 2.2.0 which has just
>> been released. Version 2.2.0 has all the security fixes plus many new
>> features and other bug fixes. Version 2.0.8 is meant for very
>> conservative sites that want a absolutely minimal security fix rather
>> than a large update.
>> 
>> The security hole was found by Marcus Meissner
>> (Marcus.Meissner@caldera.de) during a routine security audit of the
>> Samba source code. Many thanks to Marcus and Caldera for taking the
>> time to audit the code. The hole involved an incorrect usage of
>> temporary files and can be exploited by a local user with a shell
>> account on the Samba server to destroy data on a local device, such as
>> /dev/hda. The exploit is relatively easy to perform so all sites with
>> untrusted local users should update immediately to either version
>> 2.0.8 or version 2.2.0.
>> 
>> The 2.0.8 release is available at
>>     ftp://ftp.samba.org/pub/samba/samba-2.0.8.tar.gz
>> the patch is available at:
>>     ftp://ftp.samba.org/pub/samba/patches/samba-2.0.7-2.0.8.diffs.gz
>> 
>> The 2.2.0 release is available at:
>>     ftp://ftp.samba.org/pub/samba/samba-2.2.0.tar.gz
>> 
>> We do not plan on doing any more releases of Samba 2.0.x.
>> 
>> Distribution vendors have been notified about the security fix and
>> will be doing new releases shortly.
>> 
>> Cheers, Tridge
>> 
>> ----- End forwarded message -----
>> 
>> Regards,
>>       Dmitry
>> 
>> +-------------------------------------------------------------------------+
>> Dmitry V. Levin     mailto://ldv@alt-linux.org
>> ALT Linux Team      http://www.altlinux.ru/
>> Fandra Project      http://www.fandra.org/
>> +-------------------------------------------------------------------------+
>> UNIX is user friendly. It's just very selective about who its friends are.

Ну, вопрос коэчно инэрестный, но самба из дисрибута и так толком не
работает... вы меня извините,я опять пьян, но вчера как я не
парился,так меня самба с опциями security = user (or domain) и
encryrt password = yes, так и не пускала, критча в логах  бад раасворд
юзер реджеу\ктед, и зачем-то пыталась лезти в /root/temp/ но
облаламась... самосорбанная  из сорцев 2.2.0alpha3 тоже криит на бад
парол.  я думаю касяк pam.

Кстати mgetty из дистрибута не может писать лои в /var/log/ngetty
я вправил src.rpm, но если че то патч завтра, хотя там вроде не сложно
разобратся.

pppd\-2.4.0 при убирании патча wtmp не удаляет при выходе оттуда имна
юзеров. Пришлось ставить 2.3.11 без ентого патча.

kisocd-0.6.2 собран с поддержкой старого mkisofs (вроде
cdrecord=version в какм-то *.h), щаз езь kisocd-0.6.4, если интересно
- патчи и .spec завтра...





Best regards,
 Igor                            mailto:igor@ikar.zaural.ru


_______________________________________________
Devel mailing list
Devel@linux.iplabs.ru
http://www.logic.ru/mailman/listinfo/devel


  reply	other threads:[~2001-04-18 10:31 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2001-04-18  9:57 Dmitry V. Levin
2001-04-18 10:02 ` Alexander Bokovoy
2001-04-18 10:31   ` Igor Vodennikov [this message]
2001-04-19 13:16     ` Re[3]: " Igor Vodennikov
2001-04-19 13:50       ` Aleksey Novodvorsky
2001-04-20 19:07         ` Alexey Voinov

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=17522662126.20010418163117@ikar.zaural.ru \
    --to=igor@ikar.zaural.ru \
    --cc=devel@linux.iplabs.ru \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

ALT Linux Team development discussions

This inbox may be cloned and mirrored by anyone:

	git clone --mirror http://lore.altlinux.org/devel/0 devel/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 devel devel/ http://lore.altlinux.org/devel \
		devel@altlinux.org devel@altlinux.ru devel@lists.altlinux.org devel@lists.altlinux.ru devel@linux.iplabs.ru mandrake-russian@linuxteam.iplabs.ru sisyphus@linuxteam.iplabs.ru
	public-inbox-index devel

Example config snippet for mirrors.
Newsgroup available over NNTP:
	nntp://lore.altlinux.org/org.altlinux.lists.devel


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git