Vulnerability Note VU#670568
Samba creates temporary files insecurely
Overview
Samba handles temporary files insecurely, allowing arbitrary files to be overwritten and left in a state that would permit later modification.
Description
Samba is an implementation of the Server Message Block (SMB) protocol. Some versions of samba handle temporary files in an insecure manner that may allow local users to cause arbitrary files and devices to be overwritten. Due to easily predictable printer queue cache file names, local users may create symbolic links to any file or device causing it to be corrupted when a remote user accesses a printer. In addition, the file will be left with world-writable permissions, allowing any user to enter their own data. |
Impact
By modifying arbitrary files, an attacker may gain elevated priveleges. By corrupting files or devices, an attacker may cause denial of service. |
Solution
Apply vendor patches; see the Systems Affected section below. |
Deinstall the Samba package. |
Systems Affected (Learn More)
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Caldera | Affected | 19 Apr 2001 | 01 Aug 2001 |
| Conectiva | Affected | 23 Apr 2001 | 01 Aug 2001 |
| Debian | Affected | 23 Apr 2001 | 01 Aug 2001 |
| FreeBSD | Affected | 23 Apr 2001 | 21 Aug 2001 |
| MandrakeSoft | Affected | 23 Apr 2001 | 01 Aug 2001 |
| Progency Linux Systems | Affected | 19 Apr 2001 | 01 Aug 2001 |
| RedHat | Affected | 05 Apr 2001 | 21 Aug 2001 |
| Samba Team | Affected | 11 May 2001 | 01 Aug 2001 |
| Trustix | Affected | 18 Apr 2001 | 17 Sep 2001 |
CVSS Metrics (Learn More)
| Group | Score | Vector |
|---|---|---|
| Base | N/A | N/A |
| Temporal | N/A | N/A |
| Environmental | N/A | N/A |
References
- http://www.securityfocus.com/bid/2617
- ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:36.samba.asc
- http://www.linuxsecurity.com/advisories/freebsd_advisory-1314.html
- http://www.redhat.com/support/errata/RHSA-2001-086.html
- http://www.linuxsecurity.com/advisories/redhat_advisory-1369.html
- http://www.linuxsecurity.com/advisories/mandrake_advisory-1319.html
- http://www.linuxsecurity.com/advisories/other_advisory-1307.html
- http://www.linuxsecurity.com/advisories/other_advisory-1362.html
- http://www.linuxsecurity.com/advisories/debian_advisory-1302.html
- http://www.linuxsecurity.com/advisories/other_advisory-1305.html
- http://www.linuxsecurity.com/advisories/other_advisory-1298.html
- http://www.caldera.com/support/security/advisories/CSSA-2001-015.0.txt
Credit
This vulnerability was first reported by Marcus Meissner of Caldera.
This document was last modified by Tim Shimeall.
Other Information
- CVE IDs: CAN-2001-0406
- Date Public: 23 Apr 2001
- Date First Published: 17 Sep 2001
- Date Last Updated: 17 Sep 2001
- Severity Metric: 13.36
- Document Revision: 7
Feedback
If you have feedback, comments, or additional information about this vulnerability, please send us email.
View Notes By
Report a Vulnerability
Please use the Vulnerability Reporting Form to report a vulnerability. Alternatively, you can send us email. Be sure to read our vulnerability disclosure policy.