Vulnerability Note VU#670568

Samba creates temporary files insecurely

Original Release date: 17 Sep 2001 | Last revised: 17 Sep 2001

Overview

Samba handles temporary files insecurely, allowing arbitrary files to be overwritten and left in a state that would permit later modification.

Description

Samba is an implementation of the Server Message Block (SMB) protocol. Some versions of samba handle temporary files in an insecure manner that may allow local users to cause arbitrary files and devices to be overwritten. Due to easily predictable printer queue cache file names, local users may create symbolic links to any file or device causing it to be corrupted when a remote user accesses a printer. In addition, the file will be left with world-writable permissions, allowing any user to enter their own data.

Impact

By modifying arbitrary files, an attacker may gain elevated priveleges. By corrupting files or devices, an attacker may cause denial of service.

Solution

Apply vendor patches; see the Systems Affected section below.

Deinstall the Samba package.

Systems Affected (Learn More)

VendorStatusDate NotifiedDate Updated
CalderaAffected19 Apr 200101 Aug 2001
ConectivaAffected23 Apr 200101 Aug 2001
DebianAffected23 Apr 200101 Aug 2001
FreeBSDAffected23 Apr 200121 Aug 2001
MandrakeSoftAffected23 Apr 200101 Aug 2001
Progency Linux SystemsAffected19 Apr 200101 Aug 2001
RedHatAffected05 Apr 200121 Aug 2001
Samba TeamAffected11 May 200101 Aug 2001
TrustixAffected18 Apr 200117 Sep 2001
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A

References

Credit

This vulnerability was first reported by Marcus Meissner of Caldera.

This document was last modified by Tim Shimeall.

Other Information

  • CVE IDs: CAN-2001-0406
  • Date Public: 23 Apr 2001
  • Date First Published: 17 Sep 2001
  • Date Last Updated: 17 Sep 2001
  • Severity Metric: 13.36
  • Document Revision: 7

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.