Linux Today: Linux News On Internet Time.

More on LinuxToday

Security Linux News for Jun 23, 2001

  • Debian Security Advisory: samba remote file append/creation problem (2001-06-23 19:30:11)
    "Michal Zalewski discovered that samba does not properly validate NetBIOS names from remote machines. By itself that is not a problem, except if Samba is configure to write log-files to a file that includes the NetBIOS name of the remote side by using the `%m' macro in the `log file' command. In that case an attacker could use a NetBIOS name like '../tmp/evil'. If the log-file was set to '/var/log/samba/%s' samba would them write to /var/tmp/evil."

  • Samba security bugfix released (2001-06-23 17:30:58)
    "A serious security hole has been discovered in all versions of Samba that allows an attacker to gain root access on the target machine for certain types of common Samba configuration."