On Wednesday 11 February 2004 03:04 pm, Corey Hickey wrote: > this affects any Debian installation that uses Linux 2.6
And has smbfs installed - that is the package with smbmnt setUID root. > Following the instructions on the original report to gain root on a > vulnerable system (the client) is quite easy. Provided the attacker is able to introduce a rogue Samba server onto the network and has a shell account on the target. > On a temporary basis, this problem can be easily mitigated: > # chmod u-s `which smbmnt` > ...but this prevents regular users from smbmounting. Unless the admin puts the share in /etc/fstab with the "users" option, which is far better than allowing local users to mount random network filesystems. You could file a bug against the smbfs package (since there doesn't seem to be one already) that /usr/bin/smbmnt being setUID root opens a security hole, and include the link to the BugTraq report. Note that if this requires Samba 3 on the client side, then Woody isn't affected (Woody uses a patched Samba 2.2.3a). Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
