From tsl@TRUSTIX.COM Wed Apr 18 17:07:30 2001
From: tsl@TRUSTIX.COM
To: BUGTRAQ@SECURITYFOCUS.COM
Date: Wed, 18 Apr 2001 16:42:40 +0200
Subject: [BUGTRAQ] TSLSA-#2001-0005 - samba

--------------------------------------------------------------------------
Trustix Secure Linux Security Advisory #2001-0005

Package name:      samba
Severity:          Possible alteration of local files and devices
Date:              2001-04-18
Affected versions: TSL 1.01, 1.1, 1.2
--------------------------------------------------------------------------

Problem description:
  Samba up to version 2.0.7 uses mktemp(3) for creation of temporary
  files. This allows malicious local users to alter contents of other
  files on the system, and potentially gain superuser privileges.

Action:
  We recommend that all systems with this package installed are upgraded.
  If you do not need the functionality provided by this package, you may
  want to remove it from your system.

Location:
  All TSL updates are available from

Automatic updates:
  Users of the SWUP tool can enjoy having updates automatically
  installed using 'swup --upgrade'.
  Get SWUP from:

Questions?
  Check out our mailing lists:

Verification:
  This advisory, along with all TSL packages, is signed with the TSL sign key.
  This key is available from:
  The advisory itself is available from the errata page at
  or directly at

MD5sums of the packages:

Trustix Security Team

-- 
Trustix Secure Linux Advisor
Homepage: http://www.trustix.net/
Errata: http://www.trustix.net/errata/
Automatic updates: http://www.trustix.net/pub/Trustix/software/swup/
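
The problem class named in the advisory's problem description, shown as an added example that is not part of the advisory and is not Samba's code: opening a name that was chosen earlier reuses whatever already exists there, while exclusive creation and mkstemp(3) do not. The scratch directory, the file name `smb.predicted` and the function `run_temp_demo` are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Outcome of each strategy when the chosen name already exists. */
struct temp_result { int reused_existing, excl_refused, mkstemp_private; };

/* Constructed scenario: a scratch directory stands in for a shared temp
 * directory, and "smb.predicted" stands in for a name from mktemp(3). */
int run_temp_demo(struct temp_result *r) {
    char dir[] = "/tmp/tmpdemo-XXXXXX";
    char name[64], fresh[64];
    struct stat st;
    int fd;
    if (!mkdtemp(dir)) return -1;
    snprintf(name, sizeof name, "%s/smb.predicted", dir);
    snprintf(fresh, sizeof fresh, "%s/smb.XXXXXX", dir);
    /* The name comes into existence between name choice and open. */
    fd = open(name, O_WRONLY | O_CREAT, 0644);
    if (fd < 0 || write(fd, "other", 5) != 5) return -1;
    close(fd);
    /* Unsafe: what fopen(name, "w") does. The existing file is opened and
     * truncated, so the program writes into something it did not create. */
    fd = open(name, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    r->reused_existing = fd >= 0 && fstat(fd, &st) == 0 && st.st_size == 0;
    if (fd >= 0) close(fd);
    /* Exclusive creation fails with EEXIST instead of reusing the file. */
    fd = open(name, O_WRONLY | O_CREAT | O_EXCL, 0600);
    r->excl_refused = fd < 0 && errno == EEXIST;
    if (fd >= 0) close(fd);
    /* mkstemp(3) picks the name and creates it exclusively in one step,
     * with mode 0600, and returns the open descriptor. */
    fd = mkstemp(fresh);
    r->mkstemp_private = fd >= 0 && fstat(fd, &st) == 0
                         && (st.st_mode & 0777) == 0600;
    if (fd >= 0) close(fd);
    unlink(name); unlink(fresh); rmdir(dir);
    return 0;
}

int main(void) {
    struct temp_result r;
    if (run_temp_demo(&r) != 0) return 1;
    printf("reused=%d excl_refused=%d mkstemp_private=%d\n",
           r.reused_existing, r.excl_refused, r.mkstemp_private);
    return 0;
}
```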