Rapid7 Vulnerability & Exploit Database

RHSA-2001:086: New Samba packages available for Red Hat Linux 5.2, 6.2, 7 and 7.1


Severity: 10
CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published: 06/23/2001
Created: 07/25/2018
Added: 10/28/2005
Modified: 07/04/2017

Description

New Samba packages are available for Red Hat Linux 5.2, 6.2, 7, and 7.1. These packages fix a security problem with remote clients giving special NetBIOS names to the server. It is recommended that all Samba users upgrade to the fixed packages. Please note that the packages for Red Hat Linux 6.2 require an updated logrotate package.

UPDATE: The packages for Red Hat Linux 5.2 have been updated. The original packages detected the availability of syscalls present in kernels newer than 2.2. Red Hat Linux 5.2 has a 2.0 kernel, and users will experience various problems when these syscalls are used. This release removes the detection of these syscalls from the autoconf script.

The Samba configuration used in Red Hat Linux logs operations to [remotenetbiosname].log. By sending an invalid NetBIOS name, a remote client could fool Samba into writing its log to unintended and inappropriate locations. This can be especially dangerous if combined with a symlink created by a local user.
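The check that a per-client log name needs before it becomes part of a path, as an added example (not Samba's or Red Hat's code). The function names, the log directory and the allow-list are assumptions, as is the reading of an "invalid" name as one with path separators or a leading dot.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define LOG_DIR "/var/log/samba"  /* assumed log directory, not from the advisory */
#define NETBIOS_NAME_MAX 15       /* a NetBIOS name carries at most 15 name characters */

/* Returns 1 if the client-supplied name may be used as one file name
 * component, 0 otherwise. Allow-list: ASCII letters, digits, '-', '_', '.'. */
int netbios_name_is_safe(const char *name)
{
    size_t i, len = strlen(name);

    if (len == 0 || len > NETBIOS_NAME_MAX)
        return 0;
    if (name[0] == '.')           /* rejects ".", ".." and dot-files */
        return 0;
    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)name[i];
        if (c > 127 || (!isalnum(c) && c != '-' && c != '_' && c != '.'))
            return 0;             /* '/', '\\', spaces, control bytes all land here */
    }
    return 1;
}

/* Writes LOG_DIR/<name>.log into out. Returns 0 on success, -1 if the
 * name is rejected or the result does not fit in outlen bytes. */
int build_log_path(const char *name, char *out, size_t outlen)
{
    int n;

    if (!netbios_name_is_safe(name))
        return -1;
    n = snprintf(out, outlen, "%s/%s.log", LOG_DIR, name);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
    /* Constructed sample names: one ordinary, three that must be refused. */
    const char *samples[] = { "PC-01", "../../tmp/x", "..", "ABCDEFGHIJKLMNOP" };
    char path[64];
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-18s -> %s\n", samples[i],
               build_log_path(samples[i], path, sizeof path) == 0 ? path : "rejected");
    return 0;
}
```

Opening the resulting path with O_NOFOLLOW additionally keeps a symlink planted by a local user from redirecting the write.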

Solution(s)

  • redhat-upgrade-samba
  • redhat-upgrade-samba-client
  • redhat-upgrade-samba-common
  • redhat-upgrade-samba-swat
