Package name
samba
Date
2001-04-20
Advisory ID
MDKSA-2001:040
Affected versions
8.0 i586, 7.2 i586, 7.1 i586, CS1.0 i586

Problem description

Marcus Meissner found a vulnerability in Samba: it did not create temporary files safely, which could allow local users to overwrite files that they may not have access to. When a remote user queried a printer queue, Samba created a temporary file into which the queue's data was written. Because Samba created the file insecurely and used a predictable filename, a local attacker could cause Samba to overwrite files that the attacker did not have access to. The smbclient "more" and "mput" commands also created temporary files insecurely. The vulnerability is present in Samba 2.0.7 and lower; 2.0.8 and 2.2.0 correct this behaviour.
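
The pattern described above, as an added example that is not Samba's code or its actual fix: a writer that opens a fixed, predictable name follows a symbolic link already sitting at that name, while a writer that uses mkstemp() does not. The function names, the queue.tmp filename and the scratch directory are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Unsafe pattern: fixed name; O_CREAT|O_TRUNC follows an existing symlink. */
static int write_unsafe(const char *path, const char *data) {
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd < 0) return -1;
    ssize_t n = write(fd, data, strlen(data));
    close(fd);
    return n < 0 ? -1 : 0;
}

/* Hardened pattern: mkstemp() chooses an unpredictable name and creates it
 * with O_EXCL, so a file or symlink placed in advance is never reused. */
static int write_safe(const char *dir, const char *data) {
    char tmpl[512];
    snprintf(tmpl, sizeof tmpl, "%s/queue.XXXXXX", dir);
    int fd = mkstemp(tmpl);
    if (fd < 0) return -1;
    ssize_t n = write(fd, data, strlen(data));
    close(fd);
    unlink(tmpl); /* demo cleanup; a real caller keeps the file until done */
    return n < 0 ? -1 : 0;
}

/* Constructed scenario in a private scratch directory: "protected" stands in
 * for a file the local user cannot write, and a symlink to it sits at the
 * predictable name. Returns the protected file's size after the write. */
long demo(int use_safe) {
    char dir[] = "/tmp/tmpdemo.XXXXXX", victim[512], pred[512];
    struct stat st;
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/protected", dir);
    snprintf(pred, sizeof pred, "%s/queue.tmp", dir);
    write_unsafe(victim, "original contents\n"); /* 18 bytes */
    if (symlink(victim, pred) != 0) return -1;
    if (use_safe) write_safe(dir, "q\n"); else write_unsafe(pred, "q\n");
    long size = stat(victim, &st) == 0 ? (long)st.st_size : -1;
    unlink(pred); unlink(victim); rmdir(dir);
    return size;
}

int main(void) { printf("unsafe: %ld bytes, safe: %ld bytes\n", demo(0), demo(1)); return 0; }
```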

Updated packages

8.0 i586

ef8d5cd992f07be3878e65c69abb2606  8.0/RPMS/samba-2.0.8-1.3mdk.i586.rpm
1ad7f4f08f48c42b64cf2b8e9937999c  8.0/RPMS/samba-client-2.0.8-1.3mdk.i586.rpm
5224020f261a0493ff41570b2d42bc79  8.0/RPMS/samba-common-2.0.8-1.3mdk.i586.rpm
7c612ae58c07cc69030ea2cf4f675437  8.0/SRPMS/samba-2.0.8-1.3mdk.src.rpm

7.2 i586

880264e1b7e1187a31d42e8fc4dfe695  7.2/RPMS/samba-2.0.8-1.1mdk.i586.rpm
fe886d72bbc2a6be11acab0b0dfb02b6  7.2/RPMS/samba-client-2.0.8-1.1mdk.i586.rpm
b24b7b6edfb8f774ea3a779ba6c2276f  7.2/RPMS/samba-common-2.0.8-1.1mdk.i586.rpm
41235ade6df790f3d0a927a2e8d7f445  7.2/SRPMS/samba-2.0.8-1.1mdk.src.rpm

7.1 i586

893aa5b63b25263f4118094129b2c44f  7.1/RPMS/samba-2.0.8-1.2mdk.i586.rpm
04049723b420696c64207e29e020f563  7.1/RPMS/samba-client-2.0.8-1.2mdk.i586.rpm
74858e6ce9b9aa3d1cd1a93e210a5aae  7.1/RPMS/samba-common-2.0.8-1.2mdk.i586.rpm
d331a93d62eb3d36397fbada1e65ff48  7.1/SRPMS/samba-2.0.8-1.2mdk.src.rpm

CS1.0 i586

87b197a24e6d030fd1b2dbc99374a734  1.0.1/RPMS/samba-2.0.8-1.2mdk.i586.rpm
fda79a63b7e5521eb89804d8a689ea61  1.0.1/RPMS/samba-client-2.0.8-1.2mdk.i586.rpm
cb2b31c5794f6dcd055fb8caffe4317b  1.0.1/RPMS/samba-common-2.0.8-1.2mdk.i586.rpm
d331a93d62eb3d36397fbada1e65ff48  1.0.1/SRPMS/samba-2.0.8-1.2mdk.src.rpm