COMMAND
Samba
SYSTEMS AFFECTED
Samba prior to 2.0.8
PROBLEM
The security hole was found by Marcus Meissner during a routine
security audit of the Samba source code. The hole involves incorrect
use of temporary files and can be exploited by a local user with a
shell account on the Samba server to destroy data on a local device,
such as /dev/hda. The exploit is relatively easy to perform, so all
sites with untrusted local users should update immediately to either
version 2.0.8 or version 2.2.0.
The bug was introduced into the CVS tree on June 27th 1997. That
means all versions from (and including) 1.9.17alpha4 are
vulnerable. Amazingly, the bug went undetected through several
security audits by various companies over the last 4 years.
The impact of the bug varies a little between versions. In the
2.0.7 release the exploit is only easy (and perhaps only possible,
but we won't guarantee it) if you are exporting printer shares.
In either case, we consider it a serious enough risk that all
sites should upgrade as soon as possible, especially if you have
untrusted users with shell accounts.
Note that the bug is not a race condition. Given the right
conditions the exploit will be successful the first time, every time
(i.e. it is not a classic mktemp race).
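The following is an added example, not code from the advisory or from the Samba project. It shows the class of temporary-file misuse the advisory describes and the two standard fixes. The advisory does not detail the exact Samba code path, so the example assumes the generic form of the bug: a predictable path in a shared directory opened with O_CREAT but without O_EXCL, which makes open() follow a pre-existing symlink and O_TRUNC destroy whatever it points at. A regular file under a private directory stands in for the device node, and the function names (unsafe_tmp_open, safe_tmp_open, safe_tmp_create, demo_symlink_clobber) are this example's own.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Unsafe pattern (assumed generic form of the bug class): a predictable
   name opened with O_CREAT but without O_EXCL. If the path already exists
   as a symlink, open() follows it and O_TRUNC empties the target. */
int unsafe_tmp_open(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Fix 1: never reuse an existing path. O_EXCL makes the create atomic and
   fails on any pre-existing entry, symlinks included; O_NOFOLLOW adds a
   second refusal on systems that support it. */
int safe_tmp_open(const char *path)
{
    int flags = O_WRONLY | O_CREAT | O_EXCL;
#ifdef O_NOFOLLOW
    flags |= O_NOFOLLOW;
#endif
    return open(path, flags, 0600);
}

/* Fix 2: let mkstemp() choose an unpredictable name and create it with
   O_CREAT|O_EXCL. 'tmpl' must end in XXXXXX and receives the name used. */
int safe_tmp_create(char *tmpl)
{
    return mkstemp(tmpl);
}

/* Constructed demonstration in a private directory: "victim" stands in for
   a device node and "spool.tmp" is a symlink already pointing at it.
   Returns 1 when the unsafe open truncates the victim while both safe
   variants behave correctly, 0 otherwise, -1 if setup fails. */
int demo_symlink_clobber(void)
{
    char dir[] = "/tmp/tmpfile-demo-XXXXXX";
    char victim[256], planted[256], tmpl[256];
    struct stat st;
    int fd, unsafe_truncated, safe_refused, result = -1;

    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(planted, sizeof planted, "%s/spool.tmp", dir);
    snprintf(tmpl, sizeof tmpl, "%s/spool.XXXXXX", dir);

    /* victim holds 4 bytes; the symlink to it exists before the open */
    fd = open(victim, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0 || write(fd, "data", 4) != 4 || close(fd) != 0)
        goto out;
    if (symlink(victim, planted) != 0)
        goto out;

    /* unsafe open follows the link; O_TRUNC leaves victim at size 0 */
    fd = unsafe_tmp_open(planted);
    if (fd >= 0)
        close(fd);
    unsafe_truncated = (fd >= 0 && stat(victim, &st) == 0 && st.st_size == 0);

    /* safe open sees the existing entry and refuses */
    fd = safe_tmp_open(planted);
    safe_refused = (fd < 0 && (errno == EEXIST || errno == ELOOP));
    if (fd >= 0)
        close(fd);

    /* mkstemp succeeds on a fresh, unpredictable name of its own */
    fd = safe_tmp_create(tmpl);
    if (fd >= 0) {
        close(fd);
        unlink(tmpl);
    }

    result = (unsafe_truncated && safe_refused && fd >= 0) ? 1 : 0;
out:
    unlink(planted);
    unlink(victim);
    rmdir(dir);
    return result;
}

int main(void)
{
    int r = demo_symlink_clobber();
    printf("unsafe open clobbered the target, safe opens refused: %s\n",
           r == 1 ? "yes" : "no");
    return r == 1 ? 0 : 1;
}
```

The point of the demonstration is the one the advisory makes: no race is needed. The symlink is in place before the server ever opens the path, so the unsafe open succeeds every time, and the only defence is to make the create atomic and exclusive (O_EXCL or mkstemp) rather than to try to check the path first.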
SOLUTION
The Samba Team has released Samba 2.0.8. This release fixes a
significant security vulnerability that allows local users to corrupt
local devices (such as raw disks). For most users the Samba Team
recommends Samba 2.2.0, which has also been released. Version 2.2.0
has all the security fixes plus many new features and other bug fixes.
Version 2.0.8 is meant for very conservative sites that want an
absolutely minimal security fix rather than a large update.
The 2.0.8 release is available at
ftp://ftp.samba.org/pub/samba/samba-2.0.8.tar.gz
The patch is available at:
ftp://ftp.samba.org/pub/samba/patches/samba-2.0.7-2.0.8.diffs.gz
The 2.2.0 release is available at:
ftp://ftp.samba.org/pub/samba/samba-2.2.0.tar.gz
The Samba Team does not plan any further releases of Samba 2.0.x.
For Progeny Linux Systems:
http://archive.progeny.com/progeny/updates/newton/samba-common_2.0.7-3.2_i386.deb
http://archive.progeny.com/progeny/updates/newton/samba_2.0.7-3.2_i386.deb
http://archive.progeny.com/progeny/updates/newton/smbclient_2.0.7-3.2_i386.deb
For Immunix OS:
http://immunix.org/ImmunixOS/6.2/updates/RPMS/samba-2.0.7-22_6.x_imnx_2.i386.rpm
http://immunix.org/ImmunixOS/6.2/updates/RPMS/samba-client-2.0.7-22_6.x_imnx_2.i386.rpm
http://immunix.org/ImmunixOS/6.2/updates/RPMS/samba-common-2.0.7-22_6.x_imnx_2.i386.rpm
http://immunix.org/ImmunixOS/6.2/updates/SRPMS/samba-2.0.7-22_6.x_imnx_2.src.rpm
http://immunix.org/ImmunixOS/7.0/updates/RPMS/samba-2.0.7-22_imnx_2.i386.rpm
http://immunix.org/ImmunixOS/7.0/updates/RPMS/samba-client-2.0.7-22_imnx_2.i386.rpm
http://immunix.org/ImmunixOS/7.0/updates/RPMS/samba-common-2.0.7-22_imnx_2.i386.rpm
http://immunix.org/ImmunixOS/7.0/updates/SRPMS/samba-2.0.7-22_imnx_2.src.rpm
For Caldera Systems:
ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/RPMS/
ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/SRPMS
RPMS/samba-2.0.5-3.i386.rpm
RPMS/samba-doc-2.0.5-3.i386.rpm
RPMS/smbfs-2.0.5-3.i386.rpm
RPMS/swat-2.0.5-3.i386.rpm
SRPMS/samba-2.0.5-3.src.rpm
ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/RPMS/
ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/SRPMS
RPMS/samba-2.0.5-3S.i386.rpm
RPMS/samba-doc-2.0.5-3S.i386.rpm
RPMS/smbfs-2.0.5-3S.i386.rpm
RPMS/swat-2.0.5-3S.i386.rpm
SRPMS/samba-2.0.5-3S.src.rpm
ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/RPMS/
ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/SRPMS
RPMS/samba-2.0.6-4.i386.rpm
RPMS/samba-doc-2.0.6-4.i386.rpm
RPMS/smbfs-2.0.6-4.i386.rpm
RPMS/swat-2.0.6-4.i386.rpm
SRPMS/samba-2.0.6-4.src.rpm
For Trustix Secure Linux:
http://www.trustix.net/pub/Trustix/updates/
ftp://ftp.trustix.net/pub/Trustix/updates/
ftp://ftp.trustix.net/pub/Trustix/software/swup/
./1.2/SRPMS/samba-2.0.9-1tr.src.rpm
./1.2/RPMS/samba-common-2.0.9-1tr.i586.rpm
./1.2/RPMS/samba-client-2.0.9-1tr.i586.rpm
./1.2/RPMS/samba-2.0.9-1tr.i586.rpm
./1.1/SRPMS/samba-2.0.9-1tr.src.rpm
./1.1/RPMS/samba-common-2.0.9-1tr.i586.rpm
./1.1/RPMS/samba-client-2.0.9-1tr.i586.rpm
./1.1/RPMS/samba-2.0.9-1tr.i586.rpm
For Debian Linux:
http://security.debian.org/dists/stable/updates/main/source/samba_2.0.7-3.2.diff.gz
http://security.debian.org/dists/stable/updates/main/source/samba_2.0.7-3.2.dsc
http://security.debian.org/dists/stable/updates/main/source/samba_2.0.7.orig.tar.gz
http://security.debian.org/dists/stable/updates/main/binary-all/samba-doc_2.0.7-3.2_all.deb
http://security.debian.org/dists/stable/updates/main/binary-alpha/samba-common_2.0.7-3.2_alpha.deb
http://security.debian.org/dists/stable/updates/main/binary-alpha/samba_2.0.7-3.2_alpha.deb
http://security.debian.org/dists/stable/updates/main/binary-alpha/smbclient_2.0.7-3.2_alpha.deb
http://security.debian.org/dists/stable/updates/main/binary-alpha/smbfs_2.0.7-3.2_alpha.deb
http://security.debian.org/dists/stable/updates/main/binary-alpha/swat_2.0.7-3.2_alpha.deb
http://security.debian.org/dists/stable/updates/main/binary-arm/samba-common_2.0.7-3.2_arm.deb
http://security.debian.org/dists/stable/updates/main/binary-arm/samba_2.0.7-3.2_arm.deb
http://security.debian.org/dists/stable/updates/main/binary-arm/smbclient_2.0.7-3.2_arm.deb
http://security.debian.org/dists/stable/updates/main/binary-arm/smbfs_2.0.7-3.2_arm.deb
http://security.debian.org/dists/stable/updates/main/binary-arm/swat_2.0.7-3.2_arm.deb
http://security.debian.org/dists/stable/updates/main/binary-i386/samba-common_2.0.7-3.2_i386.deb
http://security.debian.org/dists/stable/updates/main/binary-i386/samba_2.0.7-3.2_i386.deb
http://security.debian.org/dists/stable/updates/main/binary-i386/smbclient_2.0.7-3.2_i386.deb
http://security.debian.org/dists/stable/updates/main/binary-i386/smbfs_2.0.7-3.2_i386.deb
http://security.debian.org/dists/stable/updates/main/binary-i386/swat_2.0.7-3.2_i386.deb
http://security.debian.org/dists/stable/updates/main/binary-m68k/samba-common_2.0.7-3.2_m68k.deb
http://security.debian.org/dists/stable/updates/main/binary-m68k/samba_2.0.7-3.2_m68k.deb
http://security.debian.org/dists/stable/updates/main/binary-m68k/smbclient_2.0.7-3.2_m68k.deb
http://security.debian.org/dists/stable/updates/main/binary-m68k/smbfs_2.0.7-3.2_m68k.deb
http://security.debian.org/dists/stable/updates/main/binary-m68k/swat_2.0.7-3.2_m68k.deb
http://security.debian.org/dists/stable/updates/main/binary-powerpc/samba-common_2.0.7-3.2_powerpc.deb
http://security.debian.org/dists/stable/updates/main/binary-powerpc/samba_2.0.7-3.2_powerpc.deb
http://security.debian.org/dists/stable/updates/main/binary-powerpc/smbclient_2.0.7-3.2_powerpc.deb
http://security.debian.org/dists/stable/updates/main/binary-powerpc/smbfs_2.0.7-3.2_powerpc.deb
http://security.debian.org/dists/stable/updates/main/binary-powerpc/swat_2.0.7-3.2_powerpc.deb
http://security.debian.org/dists/stable/updates/main/binary-sparc/samba-common_2.0.7-3.2.1_sparc.deb
http://security.debian.org/dists/stable/updates/main/binary-sparc/samba_2.0.7-3.2.1_sparc.deb
http://security.debian.org/dists/stable/updates/main/binary-sparc/smbclient_2.0.7-3.2.1_sparc.deb
http://security.debian.org/dists/stable/updates/main/binary-sparc/smbfs_2.0.7-3.2.1_sparc.deb
http://security.debian.org/dists/stable/updates/main/binary-sparc/swat_2.0.7-3.2.1_sparc.deb
For Conectiva Linux:
ftp://atualizacoes.conectiva.com.br/4.0/SRPMS/samba-2.0.8-1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/4.0/i386/samba-2.0.8-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.0/i386/samba-clients-2.0.8-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.0/i386/samba-doc-2.0.8-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.0/i386/samba-swat-2.0.8-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.0es/SRPMS/samba-2.0.8-1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/4.0es/i386/samba-2.0.8-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.0es/i386/samba-clients-2.0.8-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.0es/i386/samba-doc-2.0.8-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.0es/i386/samba-swat-2.0.8-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.1/SRPMS/samba-2.0.8-1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/4.1/i386/samba-2.0.8-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.1/i386/samba-clients-2.0.8-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.1/i386/samba-doc-2.0.8-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.1/i386/samba-swat-2.0.8-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.2/SRPMS/samba-2.0.8-1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/4.2/i386/samba-2.0.8-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.2/i386/samba-clients-2.0.8-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.2/i386/samba-doc-2.0.8-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.2/i386/samba-swat-2.0.8-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/SRPMS/samba-2.0.8-1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/samba-2.0.8-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/samba-clients-2.0.8-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/samba-doc-2.0.8-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/samba-swat-2.0.8-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/SRPMS/samba-2.0.8-1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/samba-2.0.8-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/samba-clients-2.0.8-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/samba-doc-2.0.8-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/samba-swat-2.0.8-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/samba-2.0.8-1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/samba-2.0.8-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/samba-clients-2.0.8-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/samba-doc-2.0.8-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/samba-swat-2.0.8-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/SRPMS/samba-2.0.8-1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/samba-2.0.8-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/samba-clients-2.0.8-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/samba-doc-2.0.8-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/samba-swat-2.0.8-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/SRPMS/samba-2.0.8-1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/samba-2.0.8-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/samba-clients-2.0.8-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/samba-doc-2.0.8-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/samba-swat-2.0.8-1cl.i386.rpm
For Linux-Mandrake:
Linux-Mandrake 7.1:
7.1/RPMS/samba-2.0.9-1.2mdk.i586.rpm
7.1/RPMS/samba-client-2.0.9-1.2mdk.i586.rpm
7.1/RPMS/samba-common-2.0.9-1.2mdk.i586.rpm
7.1/SRPMS/samba-2.0.9-1.2mdk.src.rpm
Linux-Mandrake 7.2:
7.2/RPMS/samba-2.0.9-1.1mdk.i586.rpm
7.2/RPMS/samba-client-2.0.9-1.1mdk.i586.rpm
7.2/RPMS/samba-common-2.0.9-1.1mdk.i586.rpm
7.2/SRPMS/samba-2.0.9-1.1mdk.src.rpm
Linux-Mandrake 8.0:
8.0/RPMS/samba-2.0.9-1.3mdk.i586.rpm
8.0/RPMS/samba-client-2.0.9-1.3mdk.i586.rpm
8.0/RPMS/samba-common-2.0.9-1.3mdk.i586.rpm
8.0/SRPMS/samba-2.0.9-1.3mdk.src.rpm
Corporate Server 1.0.1:
1.0.1/RPMS/samba-2.0.9-1.2mdk.i586.rpm
1.0.1/RPMS/samba-client-2.0.9-1.2mdk.i586.rpm
1.0.1/RPMS/samba-common-2.0.9-1.2mdk.i586.rpm
1.0.1/SRPMS/samba-2.0.9-1.2mdk.src.rpm
For RedHat:
ftp://updates.redhat.com/5.2/en/os/SRPMS/samba-2.0.5a-2.5.2.src.rpm
ftp://updates.redhat.com/5.2/en/os/alpha/samba-2.0.5a-2.5.2.alpha.rpm
ftp://updates.redhat.com/5.2/en/os/alpha/samba-client-2.0.5a-2.5.2.alpha.rpm
ftp://updates.redhat.com/5.2/en/os/i386/samba-2.0.5a-2.5.2.i386.rpm
ftp://updates.redhat.com/5.2/en/os/i386/samba-client-2.0.5a-2.5.2.i386.rpm
ftp://updates.redhat.com/5.2/en/os/sparc/samba-2.0.5a-2.5.2.sparc.rpm
ftp://updates.redhat.com/5.2/en/os/sparc/samba-client-2.0.5a-2.5.2.sparc.rpm
ftp://updates.redhat.com/6.2/en/os/SRPMS/samba-2.0.8-1.6.src.rpm
ftp://updates.redhat.com/6.2/en/os/SRPMS/logrotate-3.5.2-0.6.src.rpm
ftp://updates.redhat.com/6.2/en/os/alpha/samba-2.0.8-1.6.alpha.rpm
ftp://updates.redhat.com/6.2/en/os/alpha/samba-client-2.0.8-1.6.alpha.rpm
ftp://updates.redhat.com/6.2/en/os/alpha/samba-common-2.0.8-1.6.alpha.rpm
ftp://updates.redhat.com/6.2/en/os/alpha/logrotate-3.5.2-0.6.alpha.rpm
ftp://updates.redhat.com/6.2/en/os/i386/samba-2.0.8-1.6.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/samba-client-2.0.8-1.6.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/samba-common-2.0.8-1.6.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/logrotate-3.5.2-0.6.i386.rpm
ftp://updates.redhat.com/6.2/en/os/sparc/samba-2.0.8-1.6.sparc.rpm
ftp://updates.redhat.com/6.2/en/os/sparc/samba-client-2.0.8-1.6.sparc.rpm
ftp://updates.redhat.com/6.2/en/os/sparc/samba-common-2.0.8-1.6.sparc.rpm
ftp://updates.redhat.com/6.2/en/os/sparc/logrotate-3.5.2-0.6.sparc.rpm
ftp://updates.redhat.com/7.0/en/os/SRPMS/samba-2.0.8-1.7.src.rpm
ftp://updates.redhat.com/7.0/en/os/alpha/samba-2.0.8-1.7.alpha.rpm
ftp://updates.redhat.com/7.0/en/os/alpha/samba-client-2.0.8-1.7.alpha.rpm
ftp://updates.redhat.com/7.0/en/os/alpha/samba-common-2.0.8-1.7.alpha.rpm
ftp://updates.redhat.com/7.0/en/os/i386/samba-2.0.8-1.7.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/samba-client-2.0.8-1.7.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/samba-common-2.0.8-1.7.i386.rpm
ftp://updates.redhat.com/7.1/en/os/SRPMS/samba-2.0.8-1.7.1.src.rpm
ftp://updates.redhat.com/7.1/en/os/i386/samba-2.0.8-1.7.1.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/samba-client-2.0.8-1.7.1.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/samba-common-2.0.8-1.7.1.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/samba-swat-2.0.8-1.7.1.i386.rpm
For FreeBSD:
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/net/samba-2.0.8.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/net/samba-2.0.8.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/net/samba-devel-2.2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/net/samba-devel-2.2.0.tgz