Debian DSA-048-3 : samba

low Nessus Plugin ID 14885

Synopsis

The remote Debian host is missing a security-related update.

Description

Marcus Meissner discovered that samba was not creating temporary files safely in two places:

- When a remote user queried a printer queue, samba would create a temporary file in which the queue data would be written. This was being done using a predictable filename, and insecurely, allowing a local attacker to trick samba into overwriting arbitrary files.
- The smbclient 'more' and 'mput' commands also created temporary files in /tmp insecurely.

Both problems have been fixed in version 2.0.7-3.2, and we recommend that you upgrade your samba package immediately. (This problem is also fixed in the Samba 2.2 codebase.)


Note: DSA-048-1 included an incorrectly compiled sparc package, which the second edition fixed.

The third edition of the advisory was made because Marc Jacobsen from HP discovered that the security fixes from samba 2.0.8 did not fully fix the /tmp symlink attack problem. The samba team released version 2.0.9 to fix that, and those fixes have been added to version 2.0.7-3.3 of the Debian samba packages.
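
The bug class described above (a predictable temporary file name opened without an exclusive create) next to its hardened form, as an added illustration in C. This is not Samba's code or the Debian patch; the scratch directory, file names and function names are constructed for the example.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>
/* Weak: predictable name, no O_EXCL, so open() follows a symlink already at path. */
static int open_predictable(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}
/* Hardened, fixed name: fails with EEXIST if anything, symlink included, is there. */
static int open_exclusive(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Constructed scenario in a private scratch dir: queue.tmp is a symlink to a 15-byte
   file. Returns that file's size after the chosen open; *fd_out gets open()'s result. */
long protected_size_after(int hardened, int *fd_out) {
    char dir[] = "/tmp/tmpdemo.XXXXXX", victim[64], tmp[64];
    struct stat st;
    if (!mkdtemp(dir)) return -2;
    snprintf(victim, sizeof victim, "%s/protected", dir);
    snprintf(tmp, sizeof tmp, "%s/queue.tmp", dir);
    FILE *f = fopen(victim, "w");
    if (!f) return -2;
    fputs("important data\n", f); fclose(f);
    if (symlink(victim, tmp) != 0) return -2;
    *fd_out = hardened ? open_exclusive(tmp) : open_predictable(tmp);
    if (*fd_out >= 0) close(*fd_out);
    long size = stat(victim, &st) == 0 ? (long)st.st_size : -1;
    unlink(tmp); unlink(victim); rmdir(dir);
    return size;
}

/* Preferred: mkstemp() picks an unpredictable name and creates it with O_EXCL. */
int mkstemp_group_other_bits(void) {   /* 0 means owner-only permissions */
    char path[] = "/tmp/queue.XXXXXX";
    struct stat st;
    int fd = mkstemp(path);
    if (fd < 0 || fstat(fd, &st) != 0) return -1;
    close(fd); unlink(path);
    return (int)(st.st_mode & 077);
}

int main(void) {
    int fd;
    printf("predictable: %ld bytes left, exclusive: %ld bytes left\n",
           protected_size_after(0, &fd), protected_size_after(1, &fd));
    return mkstemp_group_other_bits() != 0;
}
```

With the fixed name, the exclusive create fails instead of writing through the existing link, so the linked file keeps its contents. mkstemp() is the usual choice when the name does not need to be predictable.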

Solution

Upgrade the affected samba package.

See Also

http://www.debian.org/security/2001/dsa-048

Plugin Details

Severity: Low

ID: 14885

File Name: debian_DSA-048.nasl

Version: 1.21

Type: local

Agent: unix

Published: 9/29/2004

Updated: 1/4/2021

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.2

CVSS v2

Risk Factor: Low

Base Score: 2.1

Temporal Score: 1.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:samba, cpe:/o:debian:debian_linux:2.2

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/9/2001

Vulnerability Publication Date: 4/17/2001

Reference Information

CVE: CVE-2001-0406

BID: 2617

DSA: 048