Date: Fri, 29 Jun 2001 03:37:29 GMT
From: "Lanny Baron" <lnb@freebsdsystems.com>
To: NAKAJI Hiroyuki <nakaji@tutrp.tut.ac.jp>
Cc: freebsd-security@freebsd.org
Subject: Re: samba vulnerability
Message-ID: <20010629033729.31849.qmail@panda.freebsdsystems.com>
In-Reply-To: <87u210ngk9.fsf@boggy.acest.tutrp.tut.ac.jp>
References: <mail@max-info.net> <200106290052.TAA32034@aristotle.tamu.edu> <87u210ngk9.fsf@boggy.acest.tutrp.tut.ac.jp>
Hi,

I am the Canadian mirror for Samba.org and the warning is right on the main page, under NEWS. It's the macro %m and it warns:

The security hole occurs when a log file option like the following is used:

    log file = /var/log/samba/%m.log

In that case the attacker can use a locally created symbolic link to overwrite any file on the system. This requires local access to the server.

If your Samba configuration has something like the following:

    log file = /var/log/samba/%m

Then the attacker could successfully compromise your server remotely as no symbolic link is required. This type of configuration is very rare.

The most commonly used log file configuration containing %m is the one distributed in the sample configuration file that comes with Samba:

    log file = /var/log/samba/log.%m

In that case your machine is not vulnerable to this attack unless you happen to have a subdirectory in /var/log/samba/ which starts with the prefix "log."

Regards,
Lanny

NAKAJI Hiroyuki writes:
>>>>>> In <200106290052.TAA32034@aristotle.tamu.edu>
>>>>>> rasmith@aristotle.tamu.edu (Robin Smith) wrote:
>
> RS> the %m.log exploit, but now I wonder where it was.
>
> http://lists.samba.org/pipermail/samba-announce/2001-June/000054.html
>
> Is this what you read?
> --
> NAKAJI Hiroyuki
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=
Lanny Baron
servers with the power to Serve
http://www.FreeBSDsystems.com
1.877.963.1900
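The three "log file" shapes Lanny quotes from the Samba notice (%m.log, bare %m, and the shipped log.%m) differ only in where the literal text sits relative to the %m macro, which is exactly what an auditor wants to check mechanically across a fleet of smb.conf files. The script below is an added example written for this archive page; it is not Samba's code and not part of the original mail. It parses the "log file" parameter out of smb.conf text and classifies it according to the three cases above, plus the subdirectory-prefix condition for the log.%m case. The sample smb.conf and the list of existing subdirectories are constructed for the example; a real run would read /usr/local/etc/smb.conf (or wherever Samba is installed) and os.listdir() the log directory.

```python
"""Classify Samba 'log file' settings by where the %m macro sits.

Added example, not Samba's code and not from the original mail. It encodes
the three cases from the Samba notice quoted above:
  - '%m' followed by a fixed suffix (e.g. '%m.log'): local symlink attack
  - '%m' as the entire final path component: remote, no symlink needed
  - fixed prefix before '%m' (e.g. 'log.%m'): not vulnerable unless a
    subdirectory starting with that prefix exists in the log directory
The SAMPLE_SMB_CONF text and SAMPLE_LOG_DIRS listing are constructed.
"""
import os
import re

# Samba ignores case and internal whitespace in parameter names ('log file'
# and 'logfile' are the same key), so parameter names are normalised.
_PARAM_RE = re.compile(r'^\s*([^=;#]+?)\s*=\s*(.*?)\s*$')
_SECTION_RE = re.compile(r'^\s*\[(.+?)\]\s*$')


def parse_smb_conf(text):
    """Return {section: {normalised_param: value}} from smb.conf text.
    Blank lines and '#'/';' comment lines are skipped; text before the
    first section header is treated as [global]."""
    sections = {}
    current = 'global'
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in '#;':
            continue
        m = _SECTION_RE.match(line)
        if m:
            current = m.group(1).strip().lower()
            sections.setdefault(current, {})
            continue
        m = _PARAM_RE.match(line)
        if m:
            key = re.sub(r'\s+', '', m.group(1)).lower()
            sections.setdefault(current, {})[key] = m.group(2)
    return sections


def classify_log_file(value, existing_dirs=None):
    """Classify one 'log file' value.

    existing_dirs: names of subdirectories present in the log directory
    (only consulted for the prefix.%m case). Returns (risk, explanation),
    risk being one of 'remote', 'local-symlink', 'prefix-unsafe',
    'prefix-safe', 'review', 'none'.
    """
    if '%m' not in value:
        return ('none', 'no %m macro in log file path')
    directory, leaf = os.path.split(value)
    if '%m' in directory:
        # Not one of the shapes the notice covers; hand it to a human.
        return ('review', '%m appears in a directory component: ' + directory)
    if leaf == '%m':
        return ('remote', 'final component is exactly %m; no symlink needed')
    prefix, _, suffix = leaf.partition('%m')
    if prefix == '':
        return ('local-symlink',
                'leaf is %%m followed by %r; a local symlink can redirect it'
                % suffix)
    # Fixed literal prefix before %m (the shape the shipped smb.conf uses).
    risky = [d for d in (existing_dirs or []) if d.startswith(prefix)]
    if risky:
        return ('prefix-unsafe',
                'subdirectories starting with %r exist in %s: %s'
                % (prefix, directory, ', '.join(sorted(risky))))
    return ('prefix-safe',
            'safe unless a subdirectory of %s starting with %r exists'
            % (directory, prefix))


def audit(text, existing_dirs=None):
    """Classify every 'log file' setting found in smb.conf text."""
    results = {}
    for section, params in parse_smb_conf(text).items():
        if 'logfile' in params:
            results[section] = classify_log_file(params['logfile'],
                                                 existing_dirs)
    return results


# Constructed sample config using the first shape from the notice.
SAMPLE_SMB_CONF = """\
[global]
   workgroup = EXAMPLE
   ; the shape the notice warns about: local symlink attack
   log file = /var/log/samba/%m.log
"""

# Constructed listing of /var/log/samba/ with a 'log.'-prefixed directory.
SAMPLE_LOG_DIRS = ['cores', 'log.old']


if __name__ == '__main__':
    for section, (risk, why) in audit(SAMPLE_SMB_CONF).items():
        print('[%s] %s: %s' % (section, risk, why))
    for v in ('/var/log/samba/%m', '/var/log/samba/log.%m'):
        print(v, classify_log_file(v, SAMPLE_LOG_DIRS))
```

Run against a live host, feed audit() the contents of your smb.conf and os.listdir() of the log directory; anything other than 'none' or 'prefix-safe' is the configuration the notice tells you to change.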