[devel] [tridge на SAMBA.ORG: Samba 2.0.8 security fix]

Ср Апр 18 14:02:04 MSD 2001

Кто будет собирать? До нас диски, наконец-то, добрались и я надеюсь, что
Вадим приступит к сборке Samba 2.2.0 и OpenLDAP еще до выходных, эту версию (2.0.8)
желательно было бы собрать уже сейчас. И в updates.

On Wed, Apr 18, 2001 at 01:57:13PM +0400, Dmitry V. Levin wrote:
> ----- Forwarded message from tridge на SAMBA.ORG -----
> 
> Date:         Tue, 17 Apr 2001 17:06:48 -0700
> From: tridge на SAMBA.ORG
> To: BUGTRAQ на SECURITYFOCUS.COM
> Subject:      Samba 2.0.8 security fix
> Reply-To: tridge на valinux.com
> 
> I've just released Samba 2.0.8. This release fixes a significant
> security vulnerability that allows local users to corrupt local
> devices (such as raw disks).
> 
> For most users the Samba Team recommends Samba 2.2.0 which has just
> been released. Version 2.2.0 has all the security fixes plus many new
> features and other bug fixes. Version 2.0.8 is meant for very
> conservative sites that want a absolutely minimal security fix rather
> than a large update.
> 
> The security hole was found by Marcus Meissner
> (Marcus.Meissner на caldera.de) during a routine security audit of the
> Samba source code. Many thanks to Marcus and Caldera for taking the
> time to audit the code. The hole involved an incorrect usage of
> temporary files and can be exploited by a local user with a shell
> account on the Samba server to destroy data on a local device, such as
> /dev/hda. The exploit is relatively easy to perform so all sites with
> untrusted local users should update immediately to either version
> 2.0.8 or version 2.2.0.
> 
> The 2.0.8 release is available at
>     ftp://ftp.samba.org/pub/samba/samba-2.0.8.tar.gz
> the patch is available at:
>     ftp://ftp.samba.org/pub/samba/patches/samba-2.0.7-2.0.8.diffs.gz
> 
> The 2.2.0 release is available at:
>     ftp://ftp.samba.org/pub/samba/samba-2.2.0.tar.gz
> 
> We do not plan on doing any more releases of Samba 2.0.x.
> 
> Distribution vendors have been notified about the security fix and
> will be doing new releases shortly.
> 
> Cheers, Tridge
> 
> ----- End forwarded message -----
> 
> Regards,
> 	Dmitry
> 
> +-------------------------------------------------------------------------+
> Dmitry V. Levin     mailto://ldv@alt-linux.org
> ALT Linux Team      http://www.altlinux.ru/
> Fandra Project      http://www.fandra.org/
> +-------------------------------------------------------------------------+
> UNIX is user friendly. It's just very selective about who its friends are.

-- 
Sincerely yours, Alexander Bokovoy 
  The Midgard Project    | ALT  Linux  Team | Minsk Linux Users Group
 www.midgard-project.org | www.altlinux.ru  |    www.minsk-lug.net 
-- You won't skid if you stay in a rut.
		-- Frank Hubbard
_______________________________________________
Devel mailing list
Devel на linux.iplabs.ru
http://www.logic.ru/mailman/listinfo/devel