Pardus: Samba Security Bypass
Posted by Bill Keys
------------------------------------------------------------------------
Pardus Linux Security Advisory 2009-01            security@pardus.org.tr
------------------------------------------------------------------------
     Date: 2009-01-08
 Severity: 2
     Type: Local
------------------------------------------------------------------------

Summary
=======

A security issue has been reported in Samba, which can be exploited by
malicious users to bypass certain security restrictions.


Description
===========

The problem is that access to the root file system is granted when
authenticated users connect to a share with an empty string as name, and
e.g. use an older version of smbclient.

Successful exploitation requires that "registry shares" is enabled.

NOTE: "registry shares" is implicitly set with "include = registry" or
"config backend = registry".
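As an added example, not part of the advisory: a small Python check that parses an smb.conf and reports whether "registry shares" is in effect, either explicitly or through the two implicit settings the NOTE lists. The parser and the sample configurations are constructed here; treating an implicit setting as enabling even when "registry shares = no" is also present is a conservative assumption, not documented Samba precedence.

```python
import re
TRUE_VALUES = {"yes", "true", "1", "on"}

# Constructed sample configurations (not from the advisory).
SAMPLE_IMPLICIT = """
[global]
   workgroup = EXAMPLE
   include = registry
[homes]
   browseable = no
"""
SAMPLE_DISABLED = """
[global]
   workgroup = EXAMPLE
   registry shares = no
"""

def parse_smb_conf(text):
    """Parse smb.conf text into {section: {key: value}}; keys are
    lower-cased with whitespace collapsed, '#'/';' lines are comments."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = re.match(r"^\[(.+)\]$", line)
        if m:
            current = m.group(1).strip().lower()
            sections.setdefault(current, {})
            continue
        if current is None or "=" not in line:
            continue
        key, _, value = line.partition("=")
        sections[current][" ".join(key.lower().split())] = value.strip()
    return sections

def registry_shares_enabled(text):
    """Return (enabled, reason) from [global]. Enabled explicitly via
    'registry shares', or implicitly via 'include = registry' or
    'config backend = registry' (see the advisory NOTE). Assumption:
    an implicit setting counts even if 'registry shares = no' is present."""
    g = parse_smb_conf(text).get("global", {})
    if g.get("include", "").lower() == "registry":
        return True, "implicit via 'include = registry'"
    if g.get("config backend", "").lower() == "registry":
        return True, "implicit via 'config backend = registry'"
    explicit = g.get("registry shares", "no")
    if explicit.lower() in TRUE_VALUES:
        return True, f"explicit 'registry shares = {explicit}'"
    return False, "registry shares not enabled"
```

On a live host, feed the function the output of `testparm -s` rather than the raw file so that any included configuration is already expanded.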
Affected packages:

 Pardus 2008:
   samba, all before 3.2.7-38-7


Resolution
==========

There are update(s) for samba. You can update them via Package Manager
or with a single command from console:

   pisi up samba

References
==========

 * http://bugs.pardus.org.tr/show_bug.cgi?id=8992
 * http://us1.samba.org/samba/ftp/patches/security/samba-3.2.6-CVE-2009-0022.patch

------------------------------------------------------------------------

--
Pardus Security Team
http://security.pardus.org.tr