Conectiva Local Security Checks : Conectiva Security Advisory CLA-2001:405

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.51569

Categoría: Conectiva Local Security Checks

Título: Conectiva Security Advisory CLA-2001:405

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing updates announced in
advisory CLA-2001:405.

samba is a server that provides SMB services such as file and
printer sharing for other SMB clients, such as Windows(R).
Michal Zalewski reported a remote vulnerability that could be used to
gain root privileges on the samba server.
A remote attacker can set the NetBIOS name of his machine to almost
any name. This string will be used in place of %m in the
/etc/smb.conf configuration file. This can be used to append data
that is under the attacker's control to any file on the system
depending on how the %m macro is used.
The published exploit relies on the log file directive as found in
some configurations:

log file = /var/log/samba/%m.log

An attacker could abuse this configuration, which is *not* the
default on Conectiva Linux, and set, for example, ../../../tmp/x as
his NetBIOS name. This would trick samba into appending data to a
/tmp/x.log file. If this file is a symbolic link, it will be
followed. There is a limit of 16 characters for the NetBIOS name, so
most attacks would probably rely on a symbolic link in /tmp or, if
the %m macro is used alone (such as /var/log/samba/%m), then any
file in a directory close to root (such as /bin/ls).
The default configuration of log file in Conectiva Linux does not
allow this kind of attack:

log file = /var/log/samba/log.%m

Solution:
The apt tool can be used to perform RPM package upgrades
by running 'apt-get update' followed by 'apt-get upgrade'

http://www.securityspace.com/smysecure/catid.html?in=CLA-2001:405
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000405

Risk factor : High

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.51569
Categoría:	Conectiva Local Security Checks
Título:	Conectiva Security Advisory CLA-2001:405
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory CLA-2001:405. samba is a server that provides SMB services such as file and printer sharing for other SMB clients, such as Windows(R). Michal Zalewski reported a remote vulnerability that could be used to gain root privileges on the samba server. A remote attacker can set the NetBIOS name of his machine to almost any name. This string will be used in place of %m in the /etc/smb.conf configuration file. This can be used to append data that is under the attacker's control to any file on the system depending on how the %m macro is used. The published exploit relies on the log file directive as found in some configurations: log file = /var/log/samba/%m.log An attacker could abuse this configuration, which is not the default on Conectiva Linux, and set, for example, ../../../tmp/x as his NetBIOS name. This would trick samba into appending data to a /tmp/x.log file. If this file is a symbolic link, it will be followed. There is a limit of 16 characters for the NetBIOS name, so most attacks would probably rely on a symbolic link in /tmp or, if the %m macro is used alone (such as /var/log/samba/%m), then any file in a directory close to root (such as /bin/ls). The default configuration of log file in Conectiva Linux does not allow this kind of attack: log file = /var/log/samba/log.%m Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://www.securityspace.com/smysecure/catid.html?in=CLA-2001:405 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000405 Risk factor : High
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com