Caldera Security Advisory: Samba
Jun 27, 2001, 00:13 (0 Talkback[s])
Date: Tue, 26 Jun 2001 11:33:45 -0600
From: Support Info <email@example.com>
Subject: Security Update: [CSSA-2001-024.0] OpenLinux: samba remote root problem
Caldera International, Inc. Security Advisory
Subject: OpenLinux: samba remote root problem
Advisory number: CSSA-2001-024.0
Issue date: 2001 June, 25
1. Problem Description
There is a file overwrite vulnerability in the log facilities
of the Samba filesharing package which can be used by a remote
attacker to overwrite system files and to gain root access.
This requires a specific logging entry to be set.
Caldera OpenLinux is not vulnerable to this problem in its default
configuration, because it does not include a default configuration
file for Samba and the sample configuration we ship has logging
To check whether you are vulnerable to the problem, run
grep log.*%m /etc/samba.d/smb.conf
If it shows %m directly following a '/', as in:
log file = /var/log/samba.d/%m
you are vulnerable to the problem.
If your configuration of samba is affected by this vulnerability,
you can fix it using either of the following approaches:
Using the commandline, do as root:
- Edit /etc/samba.d/smb.conf and make sure the log file
statement reads like this:
log file = /var/log/samba.d/smb.%m
- /etc/rc.d/init.d/samba restart
- Open http://localhost:901/ in a web browser.
- Authenticate using the root account and password.
- Click on the 'Globals' button from the Top Menubar.
- Go to the 'log file' entry entry and change it to:
- Press the 'Commit Changes' button on top of the page.
- Open Webmin as described in the documentation.
- Select Servers->Samba Windows Filesharing
- Press the 'Miscellaneous Options' Button.
- Change the logfile entry to read
- Press the 'Save' button.
This and other Caldera security resources are located at:
This security fix closes Caldera's internal Problem Report 10136.
Caldera International, Inc. is not responsible for the misuse of
any of the information we provide on this website and/or through our
security advisories. Our advisories are a service to our customers
intended to promote secure installation and use of Caldera OpenLinux.
Caldera wishes to thank Andrew Tridgell of the Samba Team and
Wichert Akkerman of Debian for their assistance.