Pardus: Samba: Security Bypass
Posted by Benjamin D. Thomas   

------------------------------------------------------------------------
Pardus Linux Security Advisory 2009-98            security@pardus.org.tr
------------------------------------------------------------------------

      Date: 2009-06-30
  Severity: 2
      Type: Local
------------------------------------------------------------------------

Summary
=======
Two vulnerabilities have been reported in Samba, which can be exploited
by malicious users to bypass certain security restrictions and by
malicious people to potentially compromise a user's system.


Description
===========
1) An uninitialised memory access error exists in smbd when denying
attempts to modify a restricted access control list (ACL). This can be
exploited to potentially modify the ACL of an already writable file
without the required permissions.

2) A format string error exists in the "smbclient" utility when
processing file names received as command arguments. This can be
exploited to potentially execute arbitrary code by tricking a user into
e.g. issuing a "put" command with a malicious file name argument in
"smbclient".

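Illustration added to this advisory (not Samba's own code): a constructed
smbclient-style "put" status routine showing the format string defect from
item 2 beside its corrected form. Function names are hypothetical; building
with gcc -Wformat -Wformat-security flags the defective call at compile time.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a "put" status message in an smbclient-style
 * client. The file name is whatever the user typed at the prompt, so it is
 * attacker-influenced when a user can be tricked into issuing the command
 * (the scenario in item 2 above). Function names are hypothetical. */

/* Defective pattern: the untrusted name *is* the format string. Any '%'
 * directives in it are interpreted by the formatter instead of being copied
 * literally; this is the format string bug class. Calling it with such a
 * name is undefined behaviour. */
static int format_put_status_vulnerable(char *out, size_t outlen,
                                        const char *fname)
{
    return snprintf(out, outlen, fname);
}

/* Corrected pattern: a constant format string; the name is passed as the
 * argument to %s and is copied verbatim whatever it contains. */
static int format_put_status_fixed(char *out, size_t outlen,
                                   const char *fname)
{
    return snprintf(out, outlen, "putting file %s", fname);
}

int main(void)
{
    char buf[64];
    const char *hostile = "evil%x%x%n";      /* constructed sample name */

    format_put_status_fixed(buf, sizeof buf, hostile);
    printf("fixed     : %s\n", buf);          /* directives left intact */

    /* The defective routine is exercised only with a benign name here. */
    format_put_status_vulnerable(buf, sizeof buf, "report.txt");
    printf("defective : %s\n", buf);
    return 0;
}
```
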
Affected packages:

  Pardus 2008:
    samba, all before 3.2.13-42-11


Resolution
==========
There are update(s) for samba. You can update them via Package Manager
or with a single command from console:

    pisi up samba

References
==========
  * http://bugs.pardus.org.tr/show_bug.cgi?id=128
  * http://us1.samba.org/samba/ftp/patches/security/samba-3.3.5-CVE-2009-1888.patch
  * http://us1.samba.org/samba/security/CVE-2009-1886.html
  * http://us1.samba.org/samba/security/CVE-2009-1888.html