Linux Today: Linux News On Internet Time.

Suid problem in samba as shipped with Caldera

Nov 20, 1998, 10:02 (0 Talkback[s])

-----BEGIN PGP SIGNED MESSAGE----- Subject: Caldera Security Advisory SA-1998.35: Suid problem in samba Topic: Suid problem in samba Advisory issue date: 20 Nov 1998 I. Problem Description The problem is the installation permissions of the wsmbconf binary. The RPM installs wsmbconf as a setgid binary owned by group root and executable by all users. The wsmbconf program was a prototype application and was never meant to make its way into a Samba release. It was not designed to be setgid and is vulnerable to attack by local users when installed setgid. II. Impact Non-privileged users can use wsmbconf to gain read/write access to any file which is accessible to the root group. Description: Vulnerable Systems: OpenLinux 1.0, 1.1, 1.2 & 1.3 systems using a samba package prior to samba-1.9.18p10-1. III. Solution Workaround: All systems on which the Samba RPM are installed should immediately remove the file /usr/sbin/wsmbconf: rm -f /usr/sbin/wsmbconf removing this file will not in any way adversely affect your Samba installation as the file is not actually part of Samba 1.9.18p10. Correction: The proper solution is to upgrade to the samba-1.9.18p10-1 packages. They can be found on Caldera's FTP site at: ftp://ftp.caldera.com/pub/OpenLinux/updates/1.3/007/RPMS The corresponding source code can be found at: ftp://ftp.caldera.com/pub/OpenLinux/updates/1.3/007/SRPMS The MD5 checksums (from the "md5sum" command) for these packages are: e3f2fe967ccc19a3bb81979dac13c551 RPMS/samba-1.9.18p10-1.i386.rpm cba3bd97896ed4099d516750b4c878cf SRPMS/samba-1.9.18p10-1.src.rpm Upgrade with the following commands: rpm -q samba && rpm -U samba-1.9.18p10.i386.rpm IV. References This and other Caldera security resources are located at: http://www.caldera.com/news/security/index.html This security fix closes Caldera's internal Problem Report 4195. -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: noconv iQCVAwUBNlRrDen+9R4958LpAQF/hgQAiFndAi2nI5ivmM+4OUAbPQ+fQ/+Gepdr KNfsqLmJnmcYiFU0jIlvDIWQ6wHH71iF0v36lt/uuNgXkHvEk7pZu82XR0YneKOR qa5n/VCpymsVyBPXKo5Rlm+18QmtO/ew76d2eAUFD0gI7MGK7IlgYT0hPodl0uKc dg4N71lyP5c= =5upH -----END PGP SIGNATURE-----