Date: 20 Nov 1998 15:49:09 -0000
From: support@caldera.com (Caldera Support)
To: caldera-announce@rim.caldera.com (Caldera Announce)
Subject: Caldera Security Advisory SA-1998.35: Suid problem in samba

Topic: Suid problem in samba
Advisory issue date: 20 Nov 1998


I. Problem Description

	The problem is the installation permissions of the wsmbconf binary.
	The RPM installs wsmbconf as a setgid binary owned by group root and
	executable by all users.

	The wsmbconf program was a prototype application and was never meant
	to make its way into a Samba release. It was not designed to be setgid
	and is vulnerable to attack by local users when installed setgid. 

II. Impact

	Non-privileged users can use wsmbconf to gain read/write access to any
	file which is accessible to the root group.

Vulnerable Systems:

	OpenLinux 1.0, 1.1, 1.2 & 1.3 systems using a samba package prior to
	samba-1.9.18p10-1.
	

III. Solution

Workaround:

	On all systems on which the Samba RPM is installed, the file
	/usr/sbin/wsmbconf should be removed immediately:

        rm -f /usr/sbin/wsmbconf

	Removing this file will not adversely affect your Samba
	installation in any way, as the file is not actually part of
	Samba 1.9.18p10.

Correction:

        The proper solution is to upgrade to the samba-1.9.18p10-1 packages. 

        They can be found on Caldera's FTP site at:
	ftp://ftp.caldera.com/pub/OpenLinux/updates/1.3/007/RPMS

        The corresponding source code can be found at:
	ftp://ftp.caldera.com/pub/OpenLinux/updates/1.3/007/SRPMS

	The MD5 checksums (from the "md5sum" command) for these
	packages are:
	
	e3f2fe967ccc19a3bb81979dac13c551  RPMS/samba-1.9.18p10-1.i386.rpm
	cba3bd97896ed4099d516750b4c878cf  SRPMS/samba-1.9.18p10-1.src.rpm

	Upgrade with the following command:

	rpm -q samba && rpm -U samba-1.9.18p10-1.i386.rpm
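
	Added example (not part of Caldera's advisory): a POSIX shell check
	for the setgid condition described in section I and for the i386
	package checksum listed above. The function names and the "run"
	argument are assumptions of this example; the path and MD5 value are
	copied from the advisory. Only mode bits are tested, not group
	ownership.

```shell
#!/bin/sh
# Added example: checks for the two conditions in Caldera SA-1998.35.

# Values copied from the advisory.
WSMBCONF=/usr/sbin/wsmbconf
RPM_MD5=e3f2fe967ccc19a3bb81979dac13c551

# True when FILE is setgid AND executable by "other" (mode bits 2000 + 0001),
# the combination the advisory describes for wsmbconf.
is_setgid_world_exec() {
    [ -f "$1" ] || return 1
    [ -n "$(find "$1" -prune -perm -2001 -print 2>/dev/null)" ]
}

# True when FILE's MD5 digest equals EXPECTED (as printed by md5sum).
md5_matches() {
    [ -f "$1" ] || return 1
    actual=$(md5sum < "$1" | cut -d' ' -f1) || return 1
    [ "$actual" = "$2" ]
}

# Report on the binary and, if a downloaded package path is given, on it too.
# Returns 0 only when the binary is not exposed and the package verifies.
check_advisory() {
    bin=$1 pkg=$2 status=0
    if is_setgid_world_exec "$bin"; then
        echo "EXPOSED: $bin is setgid and world-executable; remove or upgrade"
        status=1
    else
        echo "ok: $bin is absent or not setgid and world-executable"
    fi
    if [ -n "$pkg" ]; then
        if md5_matches "$pkg" "$RPM_MD5"; then
            echo "ok: $pkg matches the advisory MD5"
        else
            echo "MISMATCH: $pkg does not match $RPM_MD5; do not install"
            status=1
        fi
    fi
    return $status
}

# Stand-alone use: sh check.sh run [path/to/samba-1.9.18p10-1.i386.rpm]
if [ "${1:-}" = run ]; then check_advisory "$WSMBCONF" "${2:-}"; fi
```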


IV. References

        This and other Caldera security resources are located at:
	http://www.caldera.com/news/security/index.html


        This security fix closes Caldera's internal Problem Report 4195.

