Conectiva Local Security Checks : Conectiva Security Advisory CLA-2001:405

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.51569

Kategorie: Conectiva Local Security Checks

Titel: Conectiva Security Advisory CLA-2001:405

Zusammenfassung: NOSUMMARY

Beschreibung: Description:

The remote host is missing updates announced in
advisory CLA-2001:405.

samba is a server that provides SMB services such as file and
printer sharing for other SMB clients, such as Windows(R).
Michal Zalewski reported a remote vulnerability that could be used to
gain root privileges on the samba server.
A remote attacker can set the NetBIOS name of his machine to almost
any name. This string will be used in place of %m in the
/etc/smb.conf configuration file. This can be used to append data
that is under the attacker's control to any file on the system
depending on how the %m macro is used.
The published exploit relies on the log file directive as found in
some configurations:

log file = /var/log/samba/%m.log

An attacker could abuse this configuration, which is *not* the
default on Conectiva Linux, and set, for example, ../../../tmp/x as
his NetBIOS name. This would trick samba into appending data to a
/tmp/x.log file. If this file is a symbolic link, it will be
followed. There is a limit of 16 characters for the NetBIOS name, so
most attacks would probably rely on a symbolic link in /tmp or, if
the %m macro is used alone (such as /var/log/samba/%m), then any
file in a directory close to root (such as /bin/ls).
The default configuration of log file in Conectiva Linux does not
allow this kind of attack:

log file = /var/log/samba/log.%m

Solution:
The apt tool can be used to perform RPM package upgrades
by running 'apt-get update' followed by 'apt-get upgrade'

http://www.securityspace.com/smysecure/catid.html?in=CLA-2001:405
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000405

Risk factor : High

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.51569
Kategorie:	Conectiva Local Security Checks
Titel:	Conectiva Security Advisory CLA-2001:405
Zusammenfassung:	NOSUMMARY
Beschreibung:	Description: The remote host is missing updates announced in advisory CLA-2001:405. samba is a server that provides SMB services such as file and printer sharing for other SMB clients, such as Windows(R). Michal Zalewski reported a remote vulnerability that could be used to gain root privileges on the samba server. A remote attacker can set the NetBIOS name of his machine to almost any name. This string will be used in place of %m in the /etc/smb.conf configuration file. This can be used to append data that is under the attacker's control to any file on the system depending on how the %m macro is used. The published exploit relies on the log file directive as found in some configurations: log file = /var/log/samba/%m.log An attacker could abuse this configuration, which is not the default on Conectiva Linux, and set, for example, ../../../tmp/x as his NetBIOS name. This would trick samba into appending data to a /tmp/x.log file. If this file is a symbolic link, it will be followed. There is a limit of 16 characters for the NetBIOS name, so most attacks would probably rely on a symbolic link in /tmp or, if the %m macro is used alone (such as /var/log/samba/%m), then any file in a directory close to root (such as /bin/ls). The default configuration of log file in Conectiva Linux does not allow this kind of attack: log file = /var/log/samba/log.%m Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://www.securityspace.com/smysecure/catid.html?in=CLA-2001:405 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000405 Risk factor : High
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com