summaryrefslogtreecommitdiff
path: root/net
diff options
context:
space:
mode:
authortaca <taca>2001-06-24 07:55:22 +0000
committertaca <taca>2001-06-24 07:55:22 +0000
commit0c64da9ab28ffed7b41b12f2802cf0428416275e (patch)
treeff73d645725671384d042d9deb61f1e5b708a90f /net
parent36eab8f33e241ec81d04f65aa20b29d256a20565 (diff)
downloadpkgsrc-0c64da9ab28ffed7b41b12f2802cf0428416275e.tar.gz
Update samba to 2.2.0a as samba-2.2.0nb2. Quoting from WHATSNEW.txt:
WHATS NEW IN Samba 2.2.0a: 23rd June 2001 ========================================== SECURITY FIX ============ This is a security bugfix release for Samba 2.2.0. This release provides the following two changes *ONLY* from the 2.2.0 release. 1). Fix for the security hole discovered by Michal Zalewski (lcamtuf@bos.bindview.com) and described in the security advisory below. 2). Fix for the hosts allow/hosts deny parameters not being honoured. No other changes are being made for this release to ensure a security fix only. For new functionality (including these security fixes) download Samba 2.2.1 when it is available. The security advisory follows : IMPORTANT: Security bugfix for Samba ------------------------------------ June 23rd 2001 Summary ------- A serious security hole has been discovered in all versions of Samba that allows an attacker to gain root access on the target machine for certain types of common Samba configuration. The immediate fix is to edit your smb.conf configuration file and remove all occurances of the macro "%m". Replacing occurances of %m with %I is probably the best solution for most sites. Details ------- A remote attacker can use a netbios name containing unix path characters which will then be substituted into the %m macro wherever it occurs in smb.conf. This can be used to cause Samba to create a log file on top of an important system file, which in turn can be used to compromise security on the server. The most commonly used configuration option that can be vulnerable to this attack is the "log file" option. The default value for this option is VARDIR/log.smbd. If the default is used then Samba is not vulnerable to this attack. The security hole occurs when a log file option like the following is used: log file = /var/log/samba/%m.log In that case the attacker can use a locally created symbolic link to overwrite any file on the system. This requires local access to the server. If your Samba configuration has something like the following: log file = /var/log/samba/%m Then the attacker could successfully compromise your server remotely as no symbolic link is required. This type of configuration is very rare. The most commonly used log file configuration containing %m is the distributed in the sample configuration file that comes with Samba: log file = /var/log/samba/log.%m in that case your machine is not vulnerable to this attack unless you happen to have a subdirectory in /var/log/samba/ which starts with the prefix "log." Credit ------ Thanks to Michal Zalewski (lcamtuf@bos.bindview.com) for finding this vulnerability. New Release ----------- While we recommend that vulnerable sites immediately change their smb.conf configuration file to prevent the attack we will also be making new releases of Samba within the next 24 hours to properly fix the problem. Please see http://www.samba.org/ for the new releases. Please report any attacks to the appropriate authority. The Samba Team security@samba.org
Diffstat (limited to 'net')
-rw-r--r--net/samba/Makefile6
-rw-r--r--net/samba/distinfo6
2 files changed, 6 insertions, 6 deletions
diff --git a/net/samba/Makefile b/net/samba/Makefile
index b51bc326a81..83add6fe815 100644
--- a/net/samba/Makefile
+++ b/net/samba/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.58 2001/06/19 09:03:30 jlam Exp $
+# $NetBSD: Makefile,v 1.59 2001/06/24 07:55:22 taca Exp $
-DISTNAME= samba-2.2.0
-PKGNAME= ${DISTNAME}nb1
+DISTNAME= samba-2.2.0a
+PKGNAME= samba-2.2.0nb2
WRKSRC= ${WRKDIR}/${DISTNAME}/source
CATEGORIES= net
MASTER_SITES= ftp://ftp.samba.org/pub/samba/ \
diff --git a/net/samba/distinfo b/net/samba/distinfo
index 3bf64dda4ea..5addffd5065 100644
--- a/net/samba/distinfo
+++ b/net/samba/distinfo
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.10 2001/06/19 09:03:30 jlam Exp $
+$NetBSD: distinfo,v 1.11 2001/06/24 07:55:22 taca Exp $
-SHA1 (samba-2.2.0.tar.gz) = a7010ff4b3e99a94e8a618184e551e3e61909859
-Size (samba-2.2.0.tar.gz) = 5835104 bytes
+SHA1 (samba-2.2.0a.tar.gz) = 660dc05d86b4c0aade14b22ef3ca4b8e11c30dd5
+Size (samba-2.2.0a.tar.gz) = 5923502 bytes
SHA1 (patch-ac) = 851ad9368742f02bdfa20a640e876447f895f5f8
SHA1 (patch-ad) = 9881d62319bd6d582c69e303f5aaa4e7c0c5e823