Note: This is an archival copy of Security Sun Alert 200472 as previously published on http://sunsolve.sun.com. Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000350.1. |
Category Security Release Phase Resolved Solaris 9 Operating System Solaris 10 Operating System Bug Id 6217228 Date of Workaround Release 24-JAN-2005 Date of Resolved Release 17-OCT-2006 Impact An integer overflow security issue with the Samba(7) smbd(1m) daemon may allow a local or remote authenticated user the ability to execute arbitrary commands with the privileges of Super User (typically root), on a Solaris 9 or Solaris 10 system running as a Samba(7) server. More information on this issue is available at:
Contributing Factors This issue can occur in the following releases: SPARC Platform
x86 Platform
Note: Solaris 7 and Solaris 8 do not include the Samba software and are not affected by this issues. Sun does include Samba on the Solaris Companion CD for Solaris 8 as an unsupported package which installs to "/opt/sfw" and is vulnerable to this issue. Sites using the freeware version of Samba from the Solaris Companion CD will need to upgrade to a later version from Samba.org. This issue only occurs if all of the following conditions are true:
To determine if a system is configured as a Samba server, use the following command to check for the presence of the smb.conf(4) file: % ls -l /etc/sfw/smb.conf -rw-r--r-- 1 root other 11665 Sep 28 16:37 /etc/sfw/smb.conf If the output is similar to that shown above, the system is configured as a Samba server. To determine the version of Samba installed on a system, the following command can be run: % /usr/sfw/sbin/smbd -V Version 3.0.4 Symptoms Unsuccessful exploitation attempts may leave evidence of an attack in system logs. Workaround To work around the described issue, download and compile samba 3.0.10 or higher from Samba.org Follow the security suggestions from the samba team at: http://www.samba.org/samba/docs/server_security.html. Resolution This issue is addressed in the following releases: SPARC Platform
x86 Platform
Modification History Date: 13-JUN-2005 Change History13-Jun-2005:
Date: 17-OCT-2006
References119757-01119758-01 114684-05 114685-05 Attachments This solution has no attachment |
|