Family: Debian Local Security Checks --> Category: infos
[DSA048] DSA-048-3 samba Vulnerability Scan
Vulnerability Scan Summary
Detailed Explanation for this Vulnerability Test
Marcus Meissner discovered that samba was not creating temporary
files safely in two places:
when a remote user queried a printer queue samba would create a
temporary file in which the queue data would be written. This was being
done using a predictable filename, and insecurely, allowing a local
attacker to trick samba into overwriting arbitrary files.
smbclient "more" and "mput" commands also created temporary files
in /tmp insecurely.
Both problems have been fixed in version 2.0.7-3.2, and we recommend
that you upgrade your samba package immediately. (This problem is also fixed
in the Samba 2.2 codebase.)
Note: DSA-048-1 included an incorrectly compiled sparc package, which
the second edition fixed.
The third edition of the advisory was made because Marc Jacobsen from HP
discovered that the security fixes from samba 2.0.8 did not fully fix the
/tmp symlink attack problem. The samba team released version 2.0.9 to fix
that, and those fixes have been added to version 2.0.7-3.3 of the Debian
Solution : http://www.debian.org/security/2001/dsa-048
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.