----- Original Message -----
From: "David Douthitt" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>; "LEAF Devel"
<[EMAIL PROTECTED]>
Sent: Monday, June 25, 2001 6:03 AM
Subject: [Leaf-devel] Re: [Leaf-user] Fw: URGENT: Samba security hole
> Mike Sensney wrote:
> >
> > The only Samba packages I'm aware of are Koon Wong's.
> > http://lrp.c0wz.com/files/kwarchive/
> >
> > From the /etc/smb.conf file in smb.lrp:
> >
> > # Samba config file created using SWAT
> > # from wpkgate.kc.com.my (202.184.173.241)
> > # Date: 1999/01/30 22:26:31
> >
> > # Global parameters
> > workgroup = LINUX-GRP
> > netbios name = myserver
> > encrypt passwords = Yes
> > update encrypted = Yes
> > log file = /var/log/samba/log.%m
> > guest account = pcguest
> > hosts allow = 202.184.173.
> > <<<<snip>>>>
> >
> > This does use the exploitable %m variable.
>
> However..... This default setting in Koon's package is NOT
> exploitable...
>
> Reading onwards...
>
> > >> IMPORTANT: Security bugfix for Samba
> > >> ------------------------------------
> > >>
> > >> June 23rd 2001
> > >>
> > >>
> > >> Summary
> > >> -------
> > >>
> > >> A serious security hole has been discovered in all versions of Samba
> > >> that allows an attacker to gain root access on the target machine for
> > >> certain types of common Samba configuration.
>
> > >> The most commonly used log file configuration containing %m is the
one
> > >> distributed in the sample configuration file that comes with Samba:
> > >>
> > >> log file = /var/log/samba/log.%m
> > >>
> > >> in that case your machine is not vulnerable to this attack unless you
> > >> happen to have a subdirectory in /var/log/samba/ which starts with
the
> > >> prefix "log."
unless you happen to have created the mentioned subdirectory prefixed "log"
in order to log activities on your samba server ;-)
-Kenneth Hadley
_______________________________________________
Leaf-devel mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/leaf-devel
