Software Engineering Institute

Notified:  April 19, 2001 Updated: August 01, 2001

Status

Affected

Vendor Statement

http://www.caldera.com/support/security/advisories/CSSA-2001-015.0.txt

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Notified:  April 23, 2001 Updated: August 01, 2001

Status

Affected

Vendor Statement

http://www.linuxsecurity.com/advisories/other_advisory-1307.html

http://www.linuxsecurity.com/advisories/other_advisory-1362.html

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The second link above documents the connectiva version that corrects this vulnerability.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Notified:  April 23, 2001 Updated: August 01, 2001

Status

Affected

Vendor Statement

http://www.linuxsecurity.com/advisories/debian_advisory-1302.html

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Notified:  April 23, 2001 Updated: August 21, 2001

Status

Affected

Vendor Statement

ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:36.samba.asc

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Notified:  April 23, 2001 Updated: August 01, 2001

Status

Affected

Vendor Statement

http://www.linuxsecurity.com/advisories/mandrake_advisory-1319.html

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Notified:  April 19, 2001 Updated: August 01, 2001

Status

Affected

Vendor Statement

http://www.linuxsecurity.com/advisories/other_advisory-1305.html

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Notified:  April 05, 2001 Updated: August 21, 2001

Status

Affected

Vendor Statement

http://www.redhat.com/support/errata/RHSA-2001-086.html

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Notified:  May 11, 2001 Updated: August 01, 2001

Status

Affected

Vendor Statement

The recent Samba 2.0.8 security fix release did NOT fix the security hole in Samba 2.0.7. I have now released Samba 2.0.9 to fix this.

Many thanks to Marc Jacobsen from HP for pointing out the error, and apologies from the Samba Team for any inconvenience.

Note that the 2.2.0 release did fix the bug, so if you have installed that release then you can ignore this message.

The 2.0.9 release is available at
ftp://ftp.samba.org/pub/samba/samba-2.0.9.tar.gz
the patch is available at:
ftp://ftp.samba.org/pub/samba/patches/samba-2.0.8-2.0.9.diffs.gz

The 2.2.0 release is available at:
ftp://ftp.samba.org/pub/samba/samba-2.2.0.tar.gz

We do not plan on doing any more releases of Samba 2.0.x.

Distribution vendors have been notified about the error and will be doing new releases shortly.
- - - - - - - - - -
The bug was introduced into the CVS tree on June 27th 1997. That means all versions from (and including) 1.9.17alpha4 are vulnerable. Amazingly, the bug went undetected through several security audits by various companies over the last 4 years.

The impact of the bug varies a little between versions. In the 2.0.7 release the exploit is only easy (and perhaps only possible, but I won't guarantee it) if you are exporting printer shares. In either case, we consider it a serious enough risk that all sites should upgrade as soon as possible, especially if you have untrusted users with shell accounts.

Note that the bug is not a race condition. Given the right conditions the exploit will be successful first time every time. (ie. it is not a classic mktemp race)

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Notified:  April 18, 2001 Updated: September 17, 2001

Status

Affected

Vendor Statement

http://www.linuxsecurity.com/advisories/other_advisory-1298.html

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.