Vulnerability Note VU#670568
Samba creates temporary files insecurely
Samba handles temporary files insecurely, allowing arbitrary files to be overwritten and left in a state that would permit later modification.
Samba is an implementation of the Server Message Block (SMB) protocol. Some versions of samba handle temporary files in an insecure manner that may allow local users to cause arbitrary files and devices to be overwritten. Due to easily predictable printer queue cache file names, local users may create symbolic links to any file or device causing it to be corrupted when a remote user accesses a printer. In addition, the file will be left with world-writable permissions, allowing any user to enter their own data.
By modifying arbitrary files, an attacker may gain elevated priveleges. By corrupting files or devices, an attacker may cause denial of service.
Apply vendor patches; see the Systems Affected section below.
Deinstall the Samba package.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Caldera||Affected||19 Apr 2001||01 Aug 2001|
|Conectiva||Affected||23 Apr 2001||01 Aug 2001|
|Debian||Affected||23 Apr 2001||01 Aug 2001|
|FreeBSD||Affected||23 Apr 2001||21 Aug 2001|
|MandrakeSoft||Affected||23 Apr 2001||01 Aug 2001|
|Progency Linux Systems||Affected||19 Apr 2001||01 Aug 2001|
|RedHat||Affected||05 Apr 2001||21 Aug 2001|
|Samba Team||Affected||11 May 2001||01 Aug 2001|
|Trustix||Affected||18 Apr 2001||17 Sep 2001|
CVSS Metrics (Learn More)
This vulnerability was first reported by Marcus Meissner of Caldera.
This document was last modified by Tim Shimeall.
- CVE IDs: CAN-2001-0406
- Date Public: 23 Apr 2001
- Date First Published: 17 Sep 2001
- Date Last Updated: 17 Sep 2001
- Severity Metric: 13.36
- Document Revision: 7
If you have feedback, comments, or additional information about this vulnerability, please send us email.