ISS X-Force Database: samba-netbios-file-creation(6731): samba NetBIOS name allows remote attackers to create symlink to SMB log file

samba NetBIOS name allows remote attackers to create symlink to SMB log file

samba-netbios-file-creation (6731)

High Risk

Description:

The samba daemon in some Linux distributions could allow a remote attacker to launch a symlink attack, caused by a vulnerability with NetBIOS names. The samba daemon fails to properly validate NetBIOS names in the default configuration. A remote attacker can set their NetBIOS computer name as a file name, which would create a symbolic link to the SMB log file on the system and allow the attacker to overwrite or append data to the specified file.

Consequences:

Gain Privileges

Remedy:

For Conectiva Linux 4.0:
Upgrade to the latest version of samba (2.0.9-2U40_1cl or later), as listed in Conectiva Linux Security Announcement CLA-2001:405. See References.

For Conectiva Linux 4.1:
Upgrade to the latest version of samba (2.0.9-2U41_1cl or later), as listed in Conectiva Linux Security Announcement CLA-2001:405. See References.

For Conectiva Linux 4.2:
Upgrade to the latest version of samba (2.0.9-2U42_1cl or later), as listed in Conectiva Linux Security Announcement CLA-2001:405. See References.

For Conectiva Linux 5.0:
Upgrade to the latest version of samba (2.0.9-2U50_1cl or later), as listed in Conectiva Linux Security Announcement CLA-2001:405. See References.

For Conectiva Linux 5.1:
Upgrade to the latest version of samba (2.0.9-2U51_1cl or later), as listed in Conectiva Linux Security Announcement CLA-2001:405. See References.

For Conectiva Linux 6.0:
Upgrade to the latest version of samba (2.0.9-2U60_1cl or later), as listed in Conectiva Linux Security Announcement CLA-2001:405. See References.

For Conectiva Linux e-commerce and prg graficos:
Upgrade to the latest version of samba (2.0.9-2U50_1cl or later), as listed in Conectiva Linux Security Announcement CLA-2001:405. See References.

For Debian GNU/Linux 2.2 (alias potato):
Upgrade to the latest version of samba (2.0.7-3.4 or later), as listed in DSA-065-1. See References.

For Red Hat Linux 5.2:
Upgrade to the latest version of samba (2.0.10-0.52 or later), as listed in RHSA-2001:086-06. See References.

For Red Hat Linux 6.2:
Upgrade to the latest version of samba (2.0.10-0.62 or later), as listed in RHSA-2001:086-06. See References.

For Red Hat Linux 7.0:
Upgrade to the latest version of samba (2.0.10-0.7 or later), as listed in RHSA-2001:086-06. See References.

For Red Hat Linux 7.1:
Upgrade to the latest version of samba (2.0.10-2 or later), as listed in RHSA-2001:086-06. See References.

For HP CIFS/9000 Server version A.01.07 and earlier and HP 3000 servers running Samba/iX:
See Hewlett-Packard Company Security Advisory HPSBUX0107-157 for workaround information. See References.

For HP 3000 MPE/iX servers running Samba/iX:
See Hewlett-Packard Company Security Advisory HPSBMP0107-012 for workaround information. See References.

For Trustix Secure Linux 1.01, 1.1, and 1.2:
Upgrade to the latest version of samba (2.0.10-1tr or later), as listed in Trustix Secure Linux Security Advisory #2001-0011. See References.

For SuSE Linux 6.3, 6.4, 7.0, and 7.1:
Upgrade to the latest version of samba (2.0.10-0 or later), as listed in SuSE Security Announcement SuSE-SA:2001:021. See References.

For SuSE Linux 7.2:
Upgrade to the latest version of samba (2.2.0a-0 or later), as listed in SuSE Security Announcement SuSE-SA:2001:021. See References.

For Mandrake Linux 7.1 and Corporate Server 1.0.1:
Upgrade to the latest version of samba (2.0.10-1.3mdk or later), as listed in MandrakeSoft Security Advisory MDKSA-2001:062 : samba. See References.

For Mandrake Linux 7.2:
Upgrade to the latest version of samba (2.0.10-1.2mdk or later), as listed in MandrakeSoft Security Advisory MDKSA-2001:062 : samba. See References.

For Mandrake Linux 8.0:
Upgrade to the latest version of samba (2.0.10-1.1mdk or later), as listed in MandrakeSoft Security Advisory MDKSA-2001:062 : samba. See References.

For Immunix OS 6.2, 7.0, and 7.0-Beta:
Upgrade to the latest version of samba (2.0.10-1 or later), as listed in Immunix OS Security Advisory IMNX-2001-70-027-01. See References.

For FreeBSD FreeBSD Ports Collection prior to 2001-06-23: Upgrade to the latest version of samba (2.0.10 dated 2001-06-23 or later), as listed in FreeBSD-SA-01:45. See References.

For other distributions:
Contact your vendor for upgrade or patch information.

References:

BugTraq Mailing List, Sat Jun 23 2001 - 22:24:26 CDT: smbd remote file creation vulnerability.
Caldera International, Inc. Security Advisory CSSA-2001-024.0: OpenLinux: samba remote root problem.
CIAC Information Bulletin L-105: Samba Security Vulnerability.
Conectiva Linux Announcement CLSA-2001:405: samba.
FreeBSD Security Advisory FreeBSD-SA-01:45: samba.
Hewlett-Packard Company Security Bulletin HPSBMP0107-012: Security Vulnerability in CIFS/9000 Server #2. (From SecurityFocus archive.)
Hewlett-Packard Company Security Bulletin HPSBUX0107-157: Security Vulnerability in CIFS/9000 Server #2. (From SecurityFocus archive.)
Immunix OS Security Advisory IMNX-2001-70-027-01: samba, samba-client, samba-common.
Samba Security Vulnerability, June 23rd 2001: IMPORTANT: Security bugfix for Samba.
Samba Web site: The Samba Team are pleased to announce Samba 2.2.1.
SGI Security Advisory 20011002-01-P: Samba for IRIX vulnerability.
SuSE Security Announcement SuSE-SA:2001:021: samba.
Trustix Secure Linux Security Advisory #2001-0011: Samba. (From LinuxSecurity archive)
BID-2928: Samba Remote Arbitrary File Creation Vulnerability
CVE-2001-1162: Directory traversal vulnerability in the %m macro in the smb.conf configuration file in Samba before 2.2.0a allows remote attackers to overwrite certain files via a .. in a NETBIOS name, which is used as the name for a .log file.
DSA-065: samba -- remote file append/creation
MDKSA-2001:062: Updated samba packages fix %m macro vulnerability
RHSA-2001-086: New Samba packages available for Red Hat Linux 5.2

Platforms Affected:

Conectiva Linux 4.0
Conectiva Linux 4.0es
Conectiva Linux 4.1
Conectiva Linux 4.2
Conectiva Linux 5.0
Conectiva Linux 5.1
Conectiva Linux 6.0
Conectiva Linux ecommerce
Conectiva Linux prg_graficos
Debian Debian Linux 2.2
FreeBSD FreeBSD Ports Collection
HP CIFS-9000 Server A.01.05
HP CIFS-9000 Server A.01.06
HP MPE iX
Immunix Immunix OS 6.2
Immunix Immunix OS 7.0
Immunix Immunix OS 7.0-beta
MandrakeSoft Mandrake Linux 7.1
MandrakeSoft Mandrake Linux 7.2
MandrakeSoft Mandrake Linux 8.0
MandrakeSoft Mandrake Linux Corporate Server 1.0.1
RedHat Linux 5.2
RedHat Linux 6.2
RedHat Linux 7
RedHat Linux 7.1
RedHat Linux 7.2
RedHat Linux 7.3
Samba Samba
SUSE SuSE Linux 6.3
SUSE SuSE Linux 6.4
SUSE SuSE Linux 7.0
SUSE SuSE Linux 7.1
SUSE SuSE Linux 7.2
Trustix Secure Linux 1.01
Trustix Secure Linux 1.1
Trustix Secure Linux 1.2

Reported:

Jun 24, 2001

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page