* [devel] [tridge@SAMBA.ORG: Samba 2.0.8 security fix]
@ 2001-04-18 9:57 Dmitry V. Levin
2001-04-18 10:02 ` Alexander Bokovoy
0 siblings, 1 reply; 6+ messages in thread
From: Dmitry V. Levin @ 2001-04-18 9:57 UTC (permalink / raw)
To: devel
[-- Attachment #1: Type: text/plain, Size: 2083 bytes --]
----- Forwarded message from tridge@SAMBA.ORG -----
Date: Tue, 17 Apr 2001 17:06:48 -0700
From: tridge@SAMBA.ORG
To: BUGTRAQ@SECURITYFOCUS.COM
Subject: Samba 2.0.8 security fix
Reply-To: tridge@valinux.com
I've just released Samba 2.0.8. This release fixes a significant
security vulnerability that allows local users to corrupt local
devices (such as raw disks).
For most users the Samba Team recommends Samba 2.2.0 which has just
been released. Version 2.2.0 has all the security fixes plus many new
features and other bug fixes. Version 2.0.8 is meant for very
conservative sites that want a absolutely minimal security fix rather
than a large update.
The security hole was found by Marcus Meissner
(Marcus.Meissner@caldera.de) during a routine security audit of the
Samba source code. Many thanks to Marcus and Caldera for taking the
time to audit the code. The hole involved an incorrect usage of
temporary files and can be exploited by a local user with a shell
account on the Samba server to destroy data on a local device, such as
/dev/hda. The exploit is relatively easy to perform so all sites with
untrusted local users should update immediately to either version
2.0.8 or version 2.2.0.
The 2.0.8 release is available at
ftp://ftp.samba.org/pub/samba/samba-2.0.8.tar.gz
the patch is available at:
ftp://ftp.samba.org/pub/samba/patches/samba-2.0.7-2.0.8.diffs.gz
The 2.2.0 release is available at:
ftp://ftp.samba.org/pub/samba/samba-2.2.0.tar.gz
We do not plan on doing any more releases of Samba 2.0.x.
Distribution vendors have been notified about the security fix and
will be doing new releases shortly.
Cheers, Tridge
----- End forwarded message -----
Regards,
Dmitry
+-------------------------------------------------------------------------+
Dmitry V. Levin mailto://ldv@alt-linux.org
ALT Linux Team http://www.altlinux.ru/
Fandra Project http://www.fandra.org/
+-------------------------------------------------------------------------+
UNIX is user friendly. It's just very selective about who its friends are.
[-- Attachment #2: Type: application/pgp-signature, Size: 232 bytes --]
^ permalink raw reply [flat|nested] 6+ messages in thread* Re: [devel] [tridge@SAMBA.ORG: Samba 2.0.8 security fix] 2001-04-18 9:57 [devel] [tridge@SAMBA.ORG: Samba 2.0.8 security fix] Dmitry V. Levin @ 2001-04-18 10:02 ` Alexander Bokovoy 2001-04-18 10:31 ` Re[2]: " Igor Vodennikov 0 siblings, 1 reply; 6+ messages in thread From: Alexander Bokovoy @ 2001-04-18 10:02 UTC (permalink / raw) To: devel Кто будет собирать? До нас диски, наконец-то, добрались и я надеюсь, что Вадим приступит к сборке Samba 2.2.0 и OpenLDAP еще до выходных, эту версию (2.0.8) желательно было бы собрать уже сейчас. И в updates. On Wed, Apr 18, 2001 at 01:57:13PM +0400, Dmitry V. Levin wrote: > ----- Forwarded message from tridge@SAMBA.ORG ----- > > Date: Tue, 17 Apr 2001 17:06:48 -0700 > From: tridge@SAMBA.ORG > To: BUGTRAQ@SECURITYFOCUS.COM > Subject: Samba 2.0.8 security fix > Reply-To: tridge@valinux.com > > I've just released Samba 2.0.8. This release fixes a significant > security vulnerability that allows local users to corrupt local > devices (such as raw disks). > > For most users the Samba Team recommends Samba 2.2.0 which has just > been released. Version 2.2.0 has all the security fixes plus many new > features and other bug fixes. Version 2.0.8 is meant for very > conservative sites that want a absolutely minimal security fix rather > than a large update. > > The security hole was found by Marcus Meissner > (Marcus.Meissner@caldera.de) during a routine security audit of the > Samba source code. Many thanks to Marcus and Caldera for taking the > time to audit the code. The hole involved an incorrect usage of > temporary files and can be exploited by a local user with a shell > account on the Samba server to destroy data on a local device, such as > /dev/hda. The exploit is relatively easy to perform so all sites with > untrusted local users should update immediately to either version > 2.0.8 or version 2.2.0. > > The 2.0.8 release is available at > ftp://ftp.samba.org/pub/samba/samba-2.0.8.tar.gz > the patch is available at: > ftp://ftp.samba.org/pub/samba/patches/samba-2.0.7-2.0.8.diffs.gz > > The 2.2.0 release is available at: > ftp://ftp.samba.org/pub/samba/samba-2.2.0.tar.gz > > We do not plan on doing any more releases of Samba 2.0.x. > > Distribution vendors have been notified about the security fix and > will be doing new releases shortly. > > Cheers, Tridge > > ----- End forwarded message ----- > > Regards, > Dmitry > > +-------------------------------------------------------------------------+ > Dmitry V. Levin mailto://ldv@alt-linux.org > ALT Linux Team http://www.altlinux.ru/ > Fandra Project http://www.fandra.org/ > +-------------------------------------------------------------------------+ > UNIX is user friendly. It's just very selective about who its friends are. -- Sincerely yours, Alexander Bokovoy The Midgard Project | ALT Linux Team | Minsk Linux Users Group www.midgard-project.org | www.altlinux.ru | www.minsk-lug.net -- You won't skid if you stay in a rut. -- Frank Hubbard _______________________________________________ Devel mailing list Devel@linux.iplabs.ru http://www.logic.ru/mailman/listinfo/devel ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re[2]: [devel] [tridge@SAMBA.ORG: Samba 2.0.8 security fix] 2001-04-18 10:02 ` Alexander Bokovoy @ 2001-04-18 10:31 ` Igor Vodennikov 2001-04-19 13:16 ` Re[3]: " Igor Vodennikov 0 siblings, 1 reply; 6+ messages in thread From: Igor Vodennikov @ 2001-04-18 10:31 UTC (permalink / raw) To: Alexander Bokovoy Hello Alexander, Wednesday, April 18, 2001, 4:02:04 PM, you wrote: AB> Кто будет собирать? До нас диски, наконец-то, добрались и я надеюсь, что AB> Вадим приступит к сборке Samba 2.2.0 и OpenLDAP еще до выходных, эту версию (2.0.8) AB> желательно было бы собрать уже сейчас. И в updates. AB> On Wed, Apr 18, 2001 at 01:57:13PM +0400, Dmitry V. Levin wrote: >> ----- Forwarded message from tridge@SAMBA.ORG ----- >> >> Date: Tue, 17 Apr 2001 17:06:48 -0700 >> From: tridge@SAMBA.ORG >> To: BUGTRAQ@SECURITYFOCUS.COM >> Subject: Samba 2.0.8 security fix >> Reply-To: tridge@valinux.com >> >> I've just released Samba 2.0.8. This release fixes a significant >> security vulnerability that allows local users to corrupt local >> devices (such as raw disks). >> >> For most users the Samba Team recommends Samba 2.2.0 which has just >> been released. Version 2.2.0 has all the security fixes plus many new >> features and other bug fixes. Version 2.0.8 is meant for very >> conservative sites that want a absolutely minimal security fix rather >> than a large update. >> >> The security hole was found by Marcus Meissner >> (Marcus.Meissner@caldera.de) during a routine security audit of the >> Samba source code. Many thanks to Marcus and Caldera for taking the >> time to audit the code. The hole involved an incorrect usage of >> temporary files and can be exploited by a local user with a shell >> account on the Samba server to destroy data on a local device, such as >> /dev/hda. The exploit is relatively easy to perform so all sites with >> untrusted local users should update immediately to either version >> 2.0.8 or version 2.2.0. >> >> The 2.0.8 release is available at >> ftp://ftp.samba.org/pub/samba/samba-2.0.8.tar.gz >> the patch is available at: >> ftp://ftp.samba.org/pub/samba/patches/samba-2.0.7-2.0.8.diffs.gz >> >> The 2.2.0 release is available at: >> ftp://ftp.samba.org/pub/samba/samba-2.2.0.tar.gz >> >> We do not plan on doing any more releases of Samba 2.0.x. >> >> Distribution vendors have been notified about the security fix and >> will be doing new releases shortly. >> >> Cheers, Tridge >> >> ----- End forwarded message ----- >> >> Regards, >> Dmitry >> >> +-------------------------------------------------------------------------+ >> Dmitry V. Levin mailto://ldv@alt-linux.org >> ALT Linux Team http://www.altlinux.ru/ >> Fandra Project http://www.fandra.org/ >> +-------------------------------------------------------------------------+ >> UNIX is user friendly. It's just very selective about who its friends are. Ну, вопрос коэчно инэрестный, но самба из дисрибута и так толком не работает... вы меня извините,я опять пьян, но вчера как я не парился,так меня самба с опциями security = user (or domain) и encryrt password = yes, так и не пускала, критча в логах бад раасворд юзер реджеу\ктед, и зачем-то пыталась лезти в /root/temp/ но облаламась... самосорбанная из сорцев 2.2.0alpha3 тоже криит на бад парол. я думаю касяк pam. Кстати mgetty из дистрибута не может писать лои в /var/log/ngetty я вправил src.rpm, но если че то патч завтра, хотя там вроде не сложно разобратся. pppd\-2.4.0 при убирании патча wtmp не удаляет при выходе оттуда имна юзеров. Пришлось ставить 2.3.11 без ентого патча. kisocd-0.6.2 собран с поддержкой старого mkisofs (вроде cdrecord=version в какм-то *.h), щаз езь kisocd-0.6.4, если интересно - патчи и .spec завтра... Best regards, Igor mailto:igor@ikar.zaural.ru _______________________________________________ Devel mailing list Devel@linux.iplabs.ru http://www.logic.ru/mailman/listinfo/devel ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re[3]: [devel] [tridge@SAMBA.ORG: Samba 2.0.8 security fix] 2001-04-18 10:31 ` Re[2]: " Igor Vodennikov @ 2001-04-19 13:16 ` Igor Vodennikov 2001-04-19 13:50 ` Aleksey Novodvorsky 0 siblings, 1 reply; 6+ messages in thread From: Igor Vodennikov @ 2001-04-19 13:16 UTC (permalink / raw) To: Igor Vodennikov Hello Igor, Wednesday, April 18, 2001, 4:31:17 PM, you wrote: IV> Ну, вопрос коэчно инэрестный, но самба из дисрибута и так толком не IV> работает... вы меня извините,я опять пьян, но вчера как я не IV> парился,так меня самба с опциями security = user (or domain) и IV> encryrt password = yes, так и не пускала, критча в логах бад раасворд IV> юзер реджеу\ктед, и зачем-то пыталась лезти в /root/temp/ но IV> облаламась... самосорбанная из сорцев 2.2.0alpha3 тоже криит на бад IV> парол. я думаю касяк pam. Надо прописать в /etc/rc.d/init.d/smb export TMPDIR=/tmp и все будет пучком, а то она в логи писала Can't change directory to /root/tmp (Permission denied) Правда у меня сейчас самба 2.2.0, но все также было и на 2.0.7 Best regards, Igor mailto:igor@ikar.zaural.ru _______________________________________________ Devel mailing list Devel@linux.iplabs.ru http://www.logic.ru/mailman/listinfo/devel ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: Re[3]: [devel] [tridge@SAMBA.ORG: Samba 2.0.8 security fix] 2001-04-19 13:16 ` Re[3]: " Igor Vodennikov @ 2001-04-19 13:50 ` Aleksey Novodvorsky 2001-04-20 19:07 ` Alexey Voinov 0 siblings, 1 reply; 6+ messages in thread From: Aleksey Novodvorsky @ 2001-04-19 13:50 UTC (permalink / raw) To: devel On Thu, 19 Apr 2001 19:16:32 +0600 Igor Vodennikov <igor@ikar.zaural.ru> wrote: > Hello Igor, > > Wednesday, April 18, 2001, 4:31:17 PM, you wrote: > > > IV> Ну, вопрос коэчно инэрестный, но самба из дисрибута и > так толком не > IV> работает... вы меня извините,я опять пьян, но вчера > как я не > IV> парился,так меня самба с опциями security = user (or > domain) и > IV> encryrt password = yes, так и не пускала, критча в > логах бад раасворд > IV> юзер реджеу\ктед, и зачем-то пыталась лезти в > /root/temp/ но > IV> облаламась... самосорбанная из сорцев 2.2.0alpha3 > тоже криит на бад > IV> парол. я думаю касяк pam. > > Надо прописать в /etc/rc.d/init.d/smb > export TMPDIR=/tmp > > и все будет пучком, а то она в логи писала > Can't change directory to /root/tmp (Permission denied) > > Правда у меня сейчас самба 2.2.0, но все также было и на > 2.0.7 > В 2.0.8, которая будет завтра утром, так и будет, а в 2.2.0 сделаем "как надо", то есть со своим tmp-каталогом. Rgrds, AEN _______________________________________________ Devel mailing list Devel@linux.iplabs.ru http://www.logic.ru/mailman/listinfo/devel ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: Re[3]: [devel] [tridge@SAMBA.ORG: Samba 2.0.8 security fix] 2001-04-19 13:50 ` Aleksey Novodvorsky @ 2001-04-20 19:07 ` Alexey Voinov 0 siblings, 0 replies; 6+ messages in thread From: Alexey Voinov @ 2001-04-20 19:07 UTC (permalink / raw) To: devel Aleksey Novodvorsky wrote: > > > > и все будет пучком, а то она в логи писала > > Can't change directory to /root/tmp (Permission denied) > > > > Правда у меня сейчас самба 2.2.0, но все также было и на > > 2.0.7 > > > В 2.0.8, которая будет завтра утром, так и будет, а в 2.2.0 > сделаем "как надо", то есть со своим tmp-каталогом. Кстати, насчет samba. И в 2.0.7-ipl22mdk и в 2.0.8-alt1 есть привязка к наличию в системе inetd. У меня во время обновленя не было и удаление не прошло с громкими криками о том что нет файла /etc/inetd.conf. Судя по тому, что удалилась samba только после указания --notriggers неправильность здесь: %triggerpostun -- samba < 2.0.5a-3, samba >= 2.0.0 if [ $1 != 0 ]; then [ ! -d /var/lock/samba ] && mkdir -m 0755 /var/lock/samba [ ! -d /var/spool/samba ] && mkdir -m 1777 /var/spool/samba chmod 644 /etc/services /etc/inetd.conf fi Если установит inetd, то все отлично работает. -- Best Regards! Alexey Voinov voins@voins.program.ru voins@online.ru _______________________________________________ Devel mailing list Devel@linux.iplabs.ru http://www.logic.ru/mailman/listinfo/devel ^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2001-04-20 19:07 UTC | newest] Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2001-04-18 9:57 [devel] [tridge@SAMBA.ORG: Samba 2.0.8 security fix] Dmitry V. Levin 2001-04-18 10:02 ` Alexander Bokovoy 2001-04-18 10:31 ` Re[2]: " Igor Vodennikov 2001-04-19 13:16 ` Re[3]: " Igor Vodennikov 2001-04-19 13:50 ` Aleksey Novodvorsky 2001-04-20 19:07 ` Alexey Voinov
ALT Linux Team development discussions This inbox may be cloned and mirrored by anyone: git clone --mirror http://lore.altlinux.org/devel/0 devel/git/0.git # If you have public-inbox 1.1+ installed, you may # initialize and index your mirror using the following commands: public-inbox-init -V2 devel devel/ http://lore.altlinux.org/devel \ devel@altlinux.org devel@altlinux.ru devel@lists.altlinux.org devel@lists.altlinux.ru devel@linux.iplabs.ru mandrake-russian@linuxteam.iplabs.ru sisyphus@linuxteam.iplabs.ru public-inbox-index devel Example config snippet for mirrors. Newsgroup available over NNTP: nntp://lore.altlinux.org/org.altlinux.lists.devel AGPL code for this site: git clone https://public-inbox.org/public-inbox.git