Debian: 'samba' remote file append/creation vulnerability

------------------------------------------------------------------------
Debian Security Advisory DSA-065-1                   [email protected] 
https://www.debian.org/security/                         Wichert Akkerman
June 23, 2001
------------------------------------------------------------------------


Package        : samba
Problem type   : remote file append/creation
Debian-specific: no

Michal Zalewski discovered that samba does not properly validate
NetBIOS names from remote machines.

By itself that is not a problem, except if Samba is configured to
write log files to a path that includes the NetBIOS name of the
remote side by using the `%m' macro in the `log file' command. In
that case an attacker could use a NetBIOS name like '../tmp/evil'.
If the log file was set to "/var/log/samba/%m", samba would then
write to /var/tmp/evil.

Since the NetBIOS name is limited to 15 characters and the `log
file' command could have an extension to the filename, the results
of this are limited. However, if the attacker is also able to create
symbolic links on the samba server, he could trick samba into
appending any data he wants to any file on the filesystem which
samba can write to.

The Debian GNU/Linux packaged version of samba has a safe
configuration and is not vulnerable.

As a temporary workaround for systems that are vulnerable, change all
occurrences of the `%m' macro in smb.conf to `%l' and restart samba.

This has been fixed in version 2.0.7-3.4, and we recommend that you
upgrade your samba package immediately.

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.


Debian GNU/Linux 2.2 alias potato
---------------------------------

  Potato was released for alpha, arm, i386, m68k, powerpc and sparc.
  These packages will be moved into the stable distribution on its next
  revision.

For not yet released architectures please refer to the appropriate
directory ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ .

--
----------------------------------------------------------------------------
apt-get: deb  https://security.debian.org/ stable/updates main
dpkg-ftp:  ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [email protected]


