Note: This is an archival copy of Security Sun Alert 200529 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000404.1.
Date of Resolved Release
Under certain circumstances, Samba trims path names into absolute paths, which could allow a remote unprivileged user to bypass the restrictions configured for a share and access arbitrary files and directories on the system.
Note: The Samba software suite is a collection of programs that implements the Server Message Block (SMB) protocol for UNIX systems. This protocol is sometimes also referred to as the Common Internet File System (CIFS), LanManager, or NetBIOS protocol.
This issue is also described in the following document:
CAN-2004-0815 at http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0815.
This issue can occur in the following releases:
with the following Samba versions:
To determine the release of JDS for Linux installed on a system, the following command can be run:
% cat /etc/sun-release
Sun Java Desktop System, Release 2
-build 10b (GA)
Assembled 30 March 2004
To determine the version of Samba, the following command can be run:
% rpm -qf /usr/bin/smbstatus
samba-2.2.5-242
To determine the version of Samba-client, the following command can be run:
% rpm -qf /usr/bin/findsmb
samba-client-2.2.5-242
There are no reliable symptoms that would indicate the described issue has been exploited.
Samba file shares with "wide links = no" (a non-default setting) in the service definition in "smb.conf" are not vulnerable to this attack. It is highly recommended that "wide links" be set to "no" if at all possible.
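The workaround above is per share: a share is only protected when its effective "wide links" value is "no", either set in the share itself or inherited from "[global]". The following Python script is an added example (not part of the Sun Alert or of Samba) that reads an smb.conf, resolves the effective setting for each share the way Samba does (share value, then the global value, then the compiled-in default), and lists the shares that still allow wide links. It assumes the Samba 2.2 default of "wide links = yes", which is consistent with the advisory calling "no" a non-default setting, and normalizes parameter names the way Samba does (case and spaces are ignored). The sample configuration embedded in the script is constructed for demonstration.

```python
"""Report smb.conf shares whose effective 'wide links' setting is not 'no'.

Added example; the sample configuration below is constructed, not taken from
any system described in the advisory.
"""
import sys
from typing import Dict, List

# Constructed sample smb.conf: one mitigated share, one relying on the global
# default, one explicitly enabling wide links.
SAMPLE_SMB_CONF = """\
[global]
   workgroup = EXAMPLE
   # no global 'wide links' line: the Samba 2.2 default of 'yes' applies

[public]
   path = /srv/public
   read only = yes
   ; mitigated share
   wide links = no

[homes]
   path = /home/%S
   browseable = no

[projects]
   path = /srv/projects
   wide links = yes
"""

# Values Samba accepts as boolean false.
FALSE_VALUES = {"no", "false", "0"}


def parse_smb_conf(text: str) -> Dict[str, Dict[str, str]]:
    """Parse smb.conf into {section: {normalized_key: value}}.

    Parameter names are normalized like Samba does: case-insensitive and
    with internal whitespace removed ("wide links" == "widelinks").
    Comment lines begin with ';' or '#'.
    """
    sections: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, {})
            continue
        if current is None or "=" not in line:
            continue
        key, _, value = line.partition("=")
        nkey = key.replace(" ", "").replace("\t", "").lower()
        sections[current][nkey] = value.strip()
    return sections


def shares_allowing_wide_links(text: str, default_wide_links: str = "yes") -> List[str]:
    """Return the shares (excluding [global]) whose effective 'wide links' is enabled.

    A share-level value overrides [global]; if neither is set, the compiled-in
    default applies (assumed 'yes' for Samba 2.2).
    """
    conf = parse_smb_conf(text)
    global_val = conf.get("global", {}).get("widelinks", default_wide_links)
    exposed = []
    for name, params in conf.items():
        if name == "global":
            continue
        effective = params.get("widelinks", global_val)
        if effective.lower() not in FALSE_VALUES:
            exposed.append(name)
    return exposed


if __name__ == "__main__":
    # Pass a path to a real smb.conf, or run without arguments to use the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_SMB_CONF
    for share in shares_allowing_wide_links(text):
        print(f"[{share}] allows wide links; set 'wide links = no' in this share")
```

Run it against the real file with `python check_wide_links.py /etc/samba/smb.conf`; on the embedded sample it reports "homes" and "projects", since "public" sets the value itself and the other two inherit the enabled default. Adding "wide links = no" under "[global]" protects every share that does not override it, which is the simplest way to apply the advisory's recommendation.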
To download and install the updated RPMs from the update servers, select the following from the "launch" bar:
Launch >> Applications >> System Tools >> Online Update
For more information on obtaining updates, please see the following documents:
Sun Java Desktop System Release 2
This solution has no attachment