From supinfo@caldera.com Tue Jun 26 17:44:48 2001 From: Support Info To: announce@lists.caldera.com, bugtraq@securityfocus.com, linux-security@redhat.com, linuxlist@securityportal.com Date: Tue, 26 Jun 2001 11:33:45 -0600 Subject: Security Update: [CSSA-2001-024.0] OpenLinux: samba remote root problem -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ Caldera International, Inc. Security Advisory Subject: OpenLinux: samba remote root problem Advisory number: CSSA-2001-024.0 Issue date: 2001 June, 25 Cross reference: ______________________________________________________________________________ 1. Problem Description There is a file overwrite vulnerability in the log facilities of the Samba filesharing package which can be used by a remote attacker to overwrite system files and to gain root access. This requires a specific logging entry to be set. Caldera OpenLinux is not vulnerable to this problem in its default configuration, because it does not include a default configuration file for Samba and the sample configuration we ship has logging commented out. To check whether you are vulnerable to the problem, run grep log.*%m /etc/samba.d/smb.conf If it shows %m directly following a '/', as in: log file = /var/log/samba.d/%m you are vulnerable to the problem. 2. Solution If your configuration of samba is affected by this vulnerability, you can fix it using either of the following approaches: Using the commandline, do as root: - Edit /etc/samba.d/smb.conf and make sure the log file statement reads like this: log file = /var/log/samba.d/smb.%m - /etc/rc.d/init.d/samba restart Using SWAT: - Open http://localhost:901/ in a web browser. - Authenticate using the root account and password. - Click on the 'Globals' button from the Top Menubar. - Go to the 'log file' entry entry and change it to: /var/log/samba.d/smb.%m - Press the 'Commit Changes' button on top of the page. Using Webmin: - Open Webmin as described in the documentation. - Select Servers->Samba Windows Filesharing - Press the 'Miscellaneous Options' Button. - Change the logfile entry to read /var/log/samba.d/smb.%m - Press the 'Save' button. 3. References This and other Caldera security resources are located at: http://www.caldera.com/support/security/index.html This security fix closes Caldera's internal Problem Report 10136. 4. Disclaimer Caldera International, Inc. is not responsible for the misuse of any of the information we provide on this website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of Caldera OpenLinux. Caldera wishes to thank Andrew Tridgell of the Samba Team and Wichert Akkerman of Debian for their assistance. ______________________________________________________________________________ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE7N19t18sy83A/qfwRAkrDAJ0XEuggSg6DPlBUtQfJzWNyCh6P1ACcD6I9 bCPM87eldMP5hcbB7mQVl6E= =yqhN -----END PGP SIGNATURE-----