
Debian 2.2 DSA-048-1 Moderate: Samba Symlink Attack Security Update

April 17, 2001
Debian Security Advisory DSA-048-1 addresses a moderate Samba symlink attack due to unsafe temporary file creation.
Samba sometimes does not create temporary files safely, which may result in a symlink attack.

Summary

Package : samba
Problem type : symlink attack
Debian-specific: no

Marcus Meissner discovered that samba was not creating temporary
files safely in two places:

* when a remote user queried a printer queue, samba would create a
temporary file in which the queue data would be written. This was
done using a predictable filename and insecurely, allowing a local
attacker to trick samba into overwriting arbitrary files.
* smbclient "more" and "mput" commands also create temporary files
in /tmp insecurely.

Both problems have been fixed in version 2.0.7-3.2, and we recommend
that you upgrade your samba package immediately.
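
The class of bug described above, as an added example that is not Samba's code and not part of the advisory: a predictable temporary filename opened without exclusive creation follows a planted symlink, while O_EXCL or mkstemp() does not. All function names, file names and the scratch directory are hypothetical.

```c
/* Added example, not Samba's code; names and paths are hypothetical. */
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Unsafe: predictable name without O_EXCL. A symlink already planted at
 * `path` is followed, and its target is truncated and overwritten. */
int open_tmp_unsafe(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Fixed name, safe: O_EXCL fails with EEXIST if anything (a symlink
 * included) already exists at `path`, so the file is always new. */
int open_tmp_excl(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Preferred: mkstemp() picks an unpredictable name and creates it with
 * O_EXCL and mode 0600. `tmpl` must be writable and end in "XXXXXX". */
int open_tmp_mkstemp(char *tmpl) { return mkstemp(tmpl); }

/* Constructed demo in a private scratch directory: plant a symlink at the
 * predictable name, open it the chosen way, write two bytes, and return
 * the size of the symlink's target afterwards (-1 on setup failure). */
long demo_symlink(int use_safe) {
    char dir[] = "/tmp/dsa048-demo-XXXXXX", victim[64], spool[64];
    struct stat st;
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(spool, sizeof spool, "%s/queue.tmp", dir);
    FILE *f = fopen(victim, "w");
    if (!f) return -1;
    fputs("important data\n", f); /* 15 bytes */
    fclose(f);
    if (symlink(victim, spool) != 0) return -1;
    int fd = use_safe ? open_tmp_excl(spool) : open_tmp_unsafe(spool);
    if (fd >= 0) {
        if (write(fd, "q\n", 2) != 2) perror("write");
        close(fd);
    }
    long size = (stat(victim, &st) == 0) ? (long)st.st_size : -1;
    unlink(spool); unlink(victim); rmdir(dir);
    return size;
}

int main(void) {
    printf("unsafe: %ld, O_EXCL: %ld\n", demo_symlink(0), demo_symlink(1));
    return 0;
}
```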

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.


Debian GNU/Linux 2.2 alias potato
---------------------------------

Potato was released for alpha, arm, i386, m68k, powerpc and sparc.

Source archives:

MD5 checksum: 82f8739acbd18c2ea8756ca705d17fef

MD5 checksum: 9db59a582e19daf987c8a0ed967ca191
...
