what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

samba22x.txt

samba22x.txt
Posted Oct 7, 2004
Authored by Karol Wiesek | Site samba.org

Samba versions 2.2.11 and below and versions below and equal to 3.0.5 allow a remote attacker that ability to gain access to files that exist outside of the share's defined path. Such files must still be readable by the account used for the connection.

tags | advisory, remote
SHA-256 | 4f9156f25d9d86303f9556eb907601a2fdfd174787601f7b6045e7dc7b476a98

samba22x.txt

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Subject: Potential Arbitrary File Access

Affected
Versions: Samba 2.2.x <= 2.2.11 and Samba 3.0.x <= 3.0.5

Summary: A remote attacker may be able to gain access
to files which exist outside of the share's
defined path. Such files must still be readable
by the account used for the connection.


Patch Availability
- ------------------
The patch for Samba 3.0.5 and earlier releases
(samba-3.0.5-reduce_name.patch) can be downloaded
from http://download.samba.org/samba/ftp/patches/security/

Samba 2.2.12 has been released to specifically address
this bug.


Description
- -----------

A bug in the input validation routines used to convert DOS
path names to path names on the Samba host's file system
may be exploited to gain access to files outside of the
share's path defined by smb.conf.


Protecting Unpatched Servers
- ----------------------------

Samba file shares with 'wide links = no' (a non-default setting)
in the service definition in smb.conf are *not* vulnerable to
this attack.

The Samba Team always encourages users to run the latest stable
release as a defense of against attacks. However, under certain
circumstances it may not be possible to immediately upgrade
important installations. In such cases, administrators should
read the "Server Security" documentation found at
http://www.samba.org/samba/docs/server_security.html.


Credits
- --------

Both security issues were reported to Samba developers by
iDEFENSE (http://www.idefense.com/). Karol Wiesek is credited
with this discovery.



- --
Our Code, Our Bugs, Our Responsibility.

-- The Samba Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFBW90/IR7qMdg1EfYRAsqoAKCQscTE5yMhun7AV7k4Hn4+WNXe2ACeKGM4
spHMo+1Iamx+8dti3NJEsr8=
=oUg6
-----END PGP SIGNATURE-----

Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close