From owner-freebsd-security Thu Jun 28 21:31:25 2001 Delivered-To: freebsd-security@freebsd.org Received: from panda.freebsdsystems.com (panda.freebsdsystems.com [216.126.95.28]) by hub.freebsd.org (Postfix) with SMTP id E715437B409 for ; Thu, 28 Jun 2001 21:31:20 -0700 (PDT) (envelope-from lnb@freebsdsystems.com) Received: (qmail 32535 invoked by uid 89); 29 Jun 2001 04:31:20 -0000 Message-ID: <20010629043120.32534.qmail@panda.freebsdsystems.com> References: <200106290052.TAA32034@aristotle.tamu.edu> <87u210ngk9.fsf@boggy.acest.tutrp.tut.ac.jp> <20010629033729.31849.qmail@panda.freebsdsystems.com> <014601c10051$ca88d2c0$3200a8c0@Home> In-Reply-To: <014601c10051$ca88d2c0$3200a8c0@Home> From: "Lanny Baron" To: "Ryan Masse" Cc: "FreeBSD-Security" Subject: Re: samba vulnerability Date: Fri, 29 Jun 2001 04:31:20 GMT Mime-Version: 1.0 Content-Type: text/plain; format=flowed; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Sender: lnb@freebsdsystems.com Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hello Ryan, I cannot answer that. I am not a part of The FreeBSD Project Inc. But your question is well taken. In fact Ryan, it was your posting that led me to our mirror of Samba (http://ca.samba.org/samba/samba.html) to see what the Samba team had pointed out. What this really shows is, how well the FreeBSD community works. It's just people like you Ryan, and others that keep other people abreast of things. Regards, Lanny Ryan Masse writes: > i'm sure we are all aware of the problem.. my original question was how come > this didn't make the freebsd security advisory? > > Ryan > >> Hi, >> I am the Canadian mirror for Samba.org and the warning is right on the > main >> page, under NEWS. It's the macro %m and it warns: >> >> The security hole occurs when a log file option like the following is >> used: >> >> log file = /var/log/samba/%m.log >> >> In that case the attacker can use a locally created symbolic link to >> overwrite any file on the system. This requires local access to the >> server. >> >> If your Samba configuration has something like the following: >> >> log file = /var/log/samba/%m >> >> Then the attacker could successfully compromise your server remotely >> as no symbolic link is required. This type of configuration is very >> rare. >> >> The most commonly used log file configuration containing %m is the >> distributed in the sample configuration file that comes with Samba: >> >> log file = /var/log/samba/log.%m >> >> in that case your machine is not vulnerable to this attack unless you >> happen to have a subdirectory in /var/log/samba/ which starts with the >> prefix "log." >> >> Regards, >> Lanny >> >> NAKAJI Hiroyuki writes: >> >> >>>>>> In <200106290052.TAA32034@aristotle.tamu.edu> >> >>>>>> rasmith@aristotle.tamu.edu (Robin Smith) wrote: >> > >> > RS> the %m.log exploit, but now I wonder where it was. >> > >> > http://lists.samba.org/pipermail/samba-announce/2001-June/000054.html >> > >> > Is this what you read? >> > -- >> > NAKAJI Hiroyuki >> > >> > To Unsubscribe: send mail to majordomo@FreeBSD.org >> > with "unsubscribe freebsd-security" in the body of the message >> >> >> >> ~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~= >> Lanny Baron >> servers with the power to Serve >> http://www.FreeBSDsystems.com >> 1.877.963.1900 >> >> To Unsubscribe: send mail to majordomo@FreeBSD.org >> with "unsubscribe freebsd-security" in the body of the message >> > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message ~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~= Lanny Baron servers with the power to Serve http://www.FreeBSDsystems.com 1.877.963.1900 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message