Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 31 Aug 2000 16:19:24 +0900 (JST)
From:      nakaji@jp.freebsd.org
To:        FreeBSD-gnats-submit@freebsd.org
Subject:   ports/20957: Update port: japanese/samba to fix security problem
Message-ID:  <200008310719.e7V7JOa24060@nakaji.tutrp.tut.ac.jp>
next in thread | raw e-mail | index | archive | help 

>Number:         20957
>Category:       ports
>Synopsis:       Update port: japanese/samba to fix security problem
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-ports
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Thu Aug 31 00:30:01 PDT 2000
>Closed-Date:
>Last-Modified:
>Originator:     NAKAJI Hiroyuki
>Release:        FreeBSD 5.0-CURRENT i386
>Organization:
>Environment:

	FreeBSD nakaji.tutrp.tut.ac.jp 5.0-CURRENT FreeBSD 5.0-CURRENT
	#0: Mon Aug 28 14:07:52 JST 2000
	root@nakaji.tutrp.tut.ac.jp:/home2/obj/usr/src/sys/NAKAJI  i386

>Description:

	Japanized swat has big security hole. For debug, swat outputs
	some informations into /tmp/cgi.log and they includes username
	and his/her passwd. Sometimes it is root.

>How-To-Repeat:

	

>Fix:

	Samba-2.0.7-ja-1.2 is unsafe. Update to 1.2a, delete
	/tmp/cgi.log and change root's password if necessary.

	Here is a patch for update of japanese/samba.

Index: Makefile
===================================================================
RCS file: /usr2/ncvs/ports/japanese/samba/Makefile,v
retrieving revision 1.6
diff -u -r1.6 Makefile
--- Makefile	2000/08/30 04:47:06	1.6
+++ Makefile	2000/08/31 05:31:05
@@ -24,7 +24,7 @@
 Y2K=		http://us1.samba.org/samba/docs/sambay2k.html
 
 SAMBA_VERSION=		2.0.7
-SAMBA_JA_VERSION=	1.2
+SAMBA_JA_VERSION=	1.2a
 
 # directories
 VARDIR=		/var
Index: files/md5
===================================================================
RCS file: /usr2/ncvs/ports/japanese/samba/files/md5,v
retrieving revision 1.3
diff -u -r1.3 md5
--- files/md5	2000/08/29 19:47:12	1.3
+++ files/md5	2000/08/31 05:31:05
@@ -1 +1 @@
-MD5 (samba-2.0.7-ja-1.2.tar.gz) = b0972989e1e99af0420707edcc90e733
+MD5 (samba-2.0.7-ja-1.2a.tar.gz) = 85467d1b552baf5218f7984be1b8c42f



>Release-Note:
>Audit-Trail:
>Unformatted:


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200008310719.e7V7JOa24060>