Linux Today: Linux News On Internet Time.

Caldera Security Advisory: Samba

Jun 27, 2001, 00:13 (0 Talkback[s])
Date: Tue, 26 Jun 2001 11:33:45 -0600
From: Support Info <supinfo@caldera.com>
Subject: Security Update: [CSSA-2001-024.0] OpenLinux: samba remote root problem

                   Caldera International, Inc.  Security Advisory

Subject:                OpenLinux: samba remote root problem
Advisory number:        CSSA-2001-024.0
Issue date:             2001 June, 25
Cross reference:

1. Problem Description

   There is a file overwrite vulnerability in the log facilities
   of the Samba filesharing package which can be used by a remote
   attacker to overwrite system files and to gain root access.
   This requires a specific logging entry to be set.

   Caldera OpenLinux is not vulnerable to this problem in its default
   configuration, because it does not include a default configuration
   file for Samba and the sample configuration we ship has logging
   commented out.

   To check whether you are vulnerable to the problem, run

        grep log.*%m /etc/samba.d/smb.conf

   If it shows %m directly following a '/', as in:

        log file = /var/log/samba.d/%m

   you are vulnerable to the problem.

2. Solution

   If your configuration of samba is affected by this vulnerability,
   you can fix it using either of the following approaches:

   Using the commandline, do as root:

        - Edit /etc/samba.d/smb.conf and make sure the log file
          statement reads like this:

            log file = /var/log/samba.d/smb.%m

        - /etc/rc.d/init.d/samba restart

   Using SWAT:

        - Open http://localhost:901/ in a web browser.
        - Authenticate using the root account and password.
        - Click on the 'Globals' button from the Top Menubar.
        - Go to the 'log file' entry entry and change it to:


        - Press the 'Commit Changes' button on top of the page.

   Using Webmin:

        - Open Webmin as described in the documentation.
        - Select Servers->Samba Windows Filesharing
        - Press the 'Miscellaneous Options' Button.
        - Change the logfile entry to read


        - Press the 'Save' button.

3. References

   This and other Caldera security resources are located at:


   This security fix closes Caldera's internal Problem Report 10136.

4. Disclaimer

   Caldera International, Inc. is not responsible for the misuse of
   any of the information we provide on this website and/or through our
   security advisories. Our advisories are a service to our customers
   intended to promote secure installation and use of Caldera OpenLinux.

   Caldera wishes to thank Andrew Tridgell of the Samba Team and
   Wichert Akkerman of Debian for their assistance.