I just upgraded to 2.2.7 and noticed a problem. I use samba as a domain
controller for my Win98 machines. After the upgrade to 2.2.7 all the
users but myself were getting a failure to login to the domain. In the
log file for the machine, I see this error.
[2002/11/25 15:04:32, 0] smbd/service.c:(597)
sisrael (64.69.243.114) Can't change directory to /data/Lkr_Usr_/twinders/tmp
(Permission denied)
In this case, the user trying to login is sisrael, but the service.c
package is trying to change the the TMP directory that was set when I
configured samba.
I've tried to reinstall 2.2.6, but I'm having the same problem.
I am not sure if this is a 2.2.7 issue, a local config issue, or what.
But, I'm very confused and current samba is "down" for my users.
**
Tim Winders, MCSE, CNE, CCNA
Associate Dean of Information Technology
South Plains College
Levelland, TX 79336
Phone: 806-894-9611 x 2369
FAX:806-894-1549
Email: [EMAIL PROTECTED]
**
On Wed, 20 Nov 2002, Gerald (Jerry) Carter wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> The Samba Team is proud to announce the release of Samba 2.2.7.
>
> A security hole has been discovered in versions 2.2.2 through 2.2.6
> of Samba that could potentially allow an attacker to gain root access
> on the target machine. The word "potentially" is used because there
> is no known exploit of this bug, and the Samba Team has not been able to
> craft one ourselves. However, the seriousness of the problem warrants
> this immediate 2.2.7 release.
>
> In addition to addressing this security issue, Samba 2.2.7 also includes
> thirteen unrelated improvements. These improvements result from our
> process of continuous quality assurance and code review, and are part of
> the Samba team's commitment to excellence.
>
> The source code can be downloaded from :
>
> http://download.samba.org/samba/ftp/
>
> All current source releases have been signed as well using the
> Samba Distribution Key (http://web/samba/ftp/samba-pubkey.asc)
>
> Binary packages for major platforms can be found at
>
> http://download.samba.org/samba/ftp/Binary_Packages/
>
> The release notes follow.
>
> As always, all bugs are our responsibility.
>
> --Enjoy
> The Samba Team
>
>
>
> WHAT'S NEW IN Samba 2.2.7 - 20th November 2002
> ==
>
> This is the latest stable release of Samba. This is the version
> that all production Samba servers should be running for all current
> bug-fixes.
>
> IMPORTANT: Security bugfix for Samba
> -
>
> Summary
> - ---
>
> A security hole has been discovered in versions 2.2.2 through 2.2.6
> of Samba that could potentially allow an attacker to gain root access
> on the target machine. The word "potentially" is used because there
> is no known exploit of this bug, and the Samba Team has not been able to
> craft one ourselves. However, the seriousness of the problem warrants
> this immediate 2.2.7 release.
>
> In addition to addressing this security issue, Samba 2.2.7 also includes
> thirteen unrelated improvements. These improvements result from our
> process of continuous quality assurance and code review, and are part of
> the Samba team's commitment to excellence.
>
> Details
> - ---
>
> There was a bug in the length checking for encrypted password change
> requests from clients. A client could potentially send an encrypted
> password, which, when decrypted with the old hashed password could be
> used as a buffer overrun attack on the stack of smbd. The attach would
> have to be crafted such that converting a DOS codepage string to little
> endian UCS2 unicode would translate into an executable block of code.
>
> All versions of Samba between 2.2.2 to 2.2.6 inclusive are vulnerable
> to this problem. This version of Samba 2.2.7 contains a fix for this
> problem.
>
> Earlier versions of Samba are not vulnerable.
>
> There is no known exploit or exploit code for this vulnerability,
> it was discovered by a code audit by Debian Samba maintainers.
>
> Credit
> - --
>
> Thanks to Steve Langasek and Eloy Paris
> for bringing this vulnerability to our notice.
>
> Patch for Samba versions 2.2.2 to 2.2.6
> - ---
>
> The following patch applies cleanly to the above Samba versions
> and will fix the vulnerability for sites that do not wish to upgrade
> to 2.2.7 at this time.
>
> - ---cut here-
> - --- libsmb/smbencrypt.c.origTue Nov 19 17:21:57 2002
> +++ libsmb/smbencrypt.c Tue Nov 19 17:22:12 2002
> @@ -63,7 +63,7 @@
> if(len > 128)
> len = 128;
> /* Password must be converted to NT unicode - n