search.internet.com

Become a Marketplace Partner internet.commerce Be a Commerce Partner Linux Today Enterprise Linux Today Apache Today JustLinux.com Linux Planet PHPBuilder All Linux Devices Technology Jobs LinuxToday Newsletters Subscribe News Subscribe PR Subscribe Security internet.com IT Developer Internet News Small Business Personal Technology Search internet.com Advertise Corporate Info Newsletters Tech Jobs E-mail Offers

Current Newswire: Amahi Linux Home Server 4.2 Matthias Ettrich Receives German Federal Cross of Merit Using Windows Is Like... Installing Ubuntu 9.10 Hands-on: OpenMoko WikiReader is simple, appealing Perl far from dead, more popular than you think Microsoft Exchange alternatives Kubuntu 9.10: A Mixed Bag Could Microsoft switch to Linux? Red Hat Virtualization Manager for Windows Only? Systems Implementation Engineer II – Disk-Based Back-Up/Replication/RedHat Linux (PA) Next Step Systems US-PA-Philadelphia Post A Job | Post A Resume Suid problem in samba as shipped with Caldera Nov 20, 1998, 10 :02 UTC (0 Talkback[s]) (1369 reads) -----BEGIN PGP SIGNED MESSAGE----- Subject: Caldera Security Advisory SA-1998.35: Suid problem in samba Topic: Suid problem in samba Advisory issue date: 20 Nov 1998 I. Problem Description The problem is the installation permissions of the wsmbconf binary. The RPM installs wsmbconf as a setgid binary owned by group root and executable by all users. The wsmbconf program was a prototype application and was never meant to make its way into a Samba release. It was not designed to be setgid and is vulnerable to attack by local users when installed setgid. II. Impact Non-privileged users can use wsmbconf to gain read/write access to any file which is accessible to the root group. Description: Vulnerable Systems: OpenLinux 1.0, 1.1, 1.2 & 1.3 systems using a samba package prior to samba-1.9.18p10-1. III. Solution Workaround: All systems on which the Samba RPM are installed should immediately remove the file /usr/sbin/wsmbconf: rm -f /usr/sbin/wsmbconf removing this file will not in any way adversely affect your Samba installation as the file is not actually part of Samba 1.9.18p10. Correction: The proper solution is to upgrade to the samba-1.9.18p10-1 packages. They can be found on Caldera's FTP site at: ftp://ftp.caldera.com/pub/OpenLinux/updates/1.3/007/RPMS The corresponding source code can be found at: ftp://ftp.caldera.com/pub/OpenLinux/updates/1.3/007/SRPMS The MD5 checksums (from the "md5sum" command) for these packages are: e3f2fe967ccc19a3bb81979dac13c551 RPMS/samba-1.9.18p10-1.i386.rpm cba3bd97896ed4099d516750b4c878cf SRPMS/samba-1.9.18p10-1.src.rpm Upgrade with the following commands: rpm -q samba && rpm -U samba-1.9.18p10.i386.rpm IV. References This and other Caldera security resources are located at: http://www.caldera.com/news/security/index.html This security fix closes Caldera's internal Problem Report 4195. -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: noconv iQCVAwUBNlRrDen+9R4958LpAQF/hgQAiFndAi2nI5ivmM+4OUAbPQ+fQ/+Gepdr KNfsqLmJnmcYiFU0jIlvDIWQ6wHH71iF0v36lt/uuNgXkHvEk7pZu82XR0YneKOR qa5n/VCpymsVyBPXKo5Rlm+18QmtO/ew76d2eAUFD0gI7MGK7IlgYT0hPodl0uKc dg4N71lyP5c= =5upH -----END PGP SIGNATURE----- No talkbacks posted.   Home | Search Talkbacks | Customize View    Top of Page   Enter your comments below: * Your Name: * Your Email Address: * Subject: CC: [will also send this talkback to an E-Mail address] * Comments: Tags allowed:<I>,<B> and <U>. See our talkback-policy for more about talkback content. Fields marked with * are required!

All times are recorded in UTC. Linux is a trademark of Linus Torvalds. Powered by Linux, Apache and PHP Search: WebMediaBrands Corporate Info Legal Notices, Licensing, Reprints, Permissions, Privacy Policy. Advertise | Newsletters | Shopping | E-mail Offers | Freelance Jobs Solutions Whitepapers and eBooks Adobe Article: Adobe Helps PHP Developers Create Rich Internet Applications Adobe Article: Java Developers Finding a Home at Adobe Flex IBM Articles: A Smarter Business Needs Smarter Technology Intel Xeon Processor Increases Server Efficiency and Capabilities Intel Tech Brief: Automated Energy Efficiency for the Intelligent Enterprise Oracle Whitepaper: Using Oracle In-Memory Database Cache to Accelerate the Oracle Database Oracle Whitepapers - Innovation for IT Leaders Avaya Article: Communication-Enabled Mashups--Empowering Both Business Owners and IT Internet.com eBook: IT Manager's Guide to Social Networking Internet.com eBook: Get Ready for Windows 7 Microsoft Article: Expression Web 3--New Features for PHP Developers Whitepapers: Manage Your Business Infrastracture with IBM Whitepaper: Maximize Your Storage Investment with HP Internet.com eBook: Becoming a Better Project Manager Microsoft Article: Stress Free and Efficient Designer/Developer Collaboration MORE WHITEPAPERS, EBOOKS, AND ARTICLES Webcasts Webcast: Connecting PHP to Microsoft Technologies Video: Microsoft Partner Program Benefits Video: Windows Azure Debugging Tips SAP BusinessObjects Webcast: Unlock the Power of Reporting with Crystal Reports IBM Webcast: Speed Business Innovation with Reduced Cost and Risk Video: Deploy Applications on Windows Azure MORE WEBCASTS, PODCASTS, AND VIDEOS Downloads and eKits Downloads & Free Trials: Microsoft's New Efficiency Resource Center Get the Windows 7 SDK Free Trial: Red Gate SQL Backup Pro 6 Iron Speed Designer Application Generator MORE DOWNLOADS, EKITS, AND FREE TRIALS Tutorials and Demos Virtual Lab: Migrating PHP Applications Enabling Web Slices and Accelerators with a PHP Site Internet.com Hot List: Get the Inside Scoop on the Hottest IT and Developer Products All About Botnets MORE TUTORIALS, DEMOS AND STEP-BY-STEP GUIDES