April 18, 2001

Debian Linux: samba symlink attack

From net-security.org: Marcus Meissner discovered that samba was not creating temporary files safely in two places:

1. When a remote user queried a printer queue, samba would create a temporary file in which the queue
   data would be written. This was being done using a predictable filename and insecurely, allowing a local
   attacker to trick samba into overwriting arbitrary files.
2. The smbclient "more" and "mput" commands also create temporary files in /tmp insecurely.

Both problems have been fixed in version 2.0.7-3.2, and we recommend that you upgrade your samba
package immediately. More posted at LWN.net.
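
The class of bug described above, shown next to the usual fix. This is an added example, not samba's code or the Debian patch. The file names (queue.tmp, important.conf) and the helper functions are constructed for illustration, and everything runs inside a private scratch directory made with mkdtemp().

```c
#define _DEFAULT_SOURCE 1   /* expose mkdtemp/mkstemp/symlink under strict -std modes */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Pattern from the advisory: fixed name; open() follows a symlink already there. */
static int open_tmp_unsafe(const char *dir, char *path, size_t n) {
    snprintf(path, n, "%s/queue.tmp", dir);          /* predictable (constructed) name */
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened form: mkstemp() picks a random name and opens it with
   O_CREAT|O_EXCL, so a pre-existing file or symlink is never reused. */
static int open_tmp_safe(const char *dir, char *path, size_t n) {
    snprintf(path, n, "%s/queue.XXXXXX", dir);
    return mkstemp(path);
}

/* Returns 1 if the protected file was overwritten, 0 if intact, -1 on setup error. */
int victim_clobbered(int use_safe) {
    char dir[] = "/tmp/symlink-demo.XXXXXX", victim[256], lnk[256], tmp[256];
    struct stat st;
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/important.conf", dir);
    snprintf(lnk, sizeof lnk, "%s/queue.tmp", dir);
    FILE *f = fopen(victim, "w");
    if (!f) return -1;
    fputs("keep me\n", f);                            /* 8 bytes of original content */
    fclose(f);
    if (symlink(victim, lnk) != 0) return -1;         /* link sits at the predictable name */

    int fd = use_safe ? open_tmp_safe(dir, tmp, sizeof tmp)
                      : open_tmp_unsafe(dir, tmp, sizeof tmp);
    if (fd >= 0) { if (write(fd, "queue data", 10) < 0) perror("write"); close(fd); }
    int rc = stat(victim, &st) != 0 ? -1 : (st.st_size != 8);
    unlink(tmp); unlink(lnk); unlink(victim); rmdir(dir);   /* clean up scratch dir */
    return rc;
}

int main(void) {
    printf("predictable name + plain open(): clobbered=%d\n", victim_clobbered(0));
    printf("mkstemp():                       clobbered=%d\n", victim_clobbered(1));
    return 0;
}
```

When a fixed file name is unavoidable, opening it with O_CREAT | O_EXCL makes open() fail with EEXIST if anything, including a symlink, already occupies that name.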


