From owner-freebsd-security Thu Jun 28 21:16:58 2001 Delivered-To: freebsd-security@freebsd.org Received: from comp1.mastery.ca (comp1.mastery.ca [209.202.88.60]) by hub.freebsd.org (Postfix) with ESMTP id F202C37B40A for ; Thu, 28 Jun 2001 21:16:54 -0700 (PDT) (envelope-from mail@max-info.net) Received: from 78kw954 (dyn216-8-131-5.ADSL.mnsi.net [216.8.131.5]) (authenticated) by comp1.mastery.ca (8.11.3/8.11.1) with ESMTP id f5T4FvQ07036; Fri, 29 Jun 2001 00:15:58 -0400 (EDT) (envelope-from mail@max-info.net) Message-ID: <014601c10051$ca88d2c0$3200a8c0@Home> From: "Ryan Masse" To: "Lanny Baron" Cc: "FreeBSD-Security" References: <200106290052.TAA32034@aristotle.tamu.edu> <87u210ngk9.fsf@boggy.acest.tutrp.tut.ac.jp> <20010629033729.31849.qmail@panda.freebsdsystems.com> Subject: Re: samba vulnerability Date: Fri, 29 Jun 2001 00:13:01 -0400 X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org i'm sure we are all aware of the problem.. my original question was how come this didn't make the freebsd security advisory? Ryan > Hi, > I am the Canadian mirror for Samba.org and the warning is right on the main > page, under NEWS. It's the macro %m and it warns: > > The security hole occurs when a log file option like the following is > used: > > log file = /var/log/samba/%m.log > > In that case the attacker can use a locally created symbolic link to > overwrite any file on the system. This requires local access to the > server. > > If your Samba configuration has something like the following: > > log file = /var/log/samba/%m > > Then the attacker could successfully compromise your server remotely > as no symbolic link is required. This type of configuration is very > rare. > > The most commonly used log file configuration containing %m is the > distributed in the sample configuration file that comes with Samba: > > log file = /var/log/samba/log.%m > > in that case your machine is not vulnerable to this attack unless you > happen to have a subdirectory in /var/log/samba/ which starts with the > prefix "log." > > Regards, > Lanny > > NAKAJI Hiroyuki writes: > > >>>>>> In <200106290052.TAA32034@aristotle.tamu.edu> > >>>>>> rasmith@aristotle.tamu.edu (Robin Smith) wrote: > > > > RS> the %m.log exploit, but now I wonder where it was. > > > > http://lists.samba.org/pipermail/samba-announce/2001-June/000054.html > > > > Is this what you read? > > -- > > NAKAJI Hiroyuki > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-security" in the body of the message > > > > ~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~= > Lanny Baron > servers with the power to Serve > http://www.FreeBSDsystems.com > 1.877.963.1900 > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message