Updated Samba packages are now available to fix security vulnerabilities found during a code audit.

[Updated 24 March 2003] Updated Samba packages for Red Hat Linux 6.2, 7, and 7.1 are now included. These packages contain Samba version 2.0.10 with a backported security fix.

[Updated 1 April 2003] Updated Samba packages for Red Hat Linux 9 are now included. Please note that this issue only affects Red Hat Linux 9 boxed sets manufactured for distribution within the United States. The part numbers, which can be found on the bottom flap of the box, are RHF0120US and RHF0121US. Copies of Red Hat Linux 9 obtained through other means (such as from Red Hat Network, FTP, or international boxed sets) already contain the packages referenced by this erratum, and are not vulnerable to this issue.

Samba is a suite of utilities which provides file and printer sharing services to SMB/CIFS clients. Sebastian Krahmer discovered a security vulnerability present in unpatched versions of Samba prior to 2.2.8. An anonymous user could exploit the vulnerability to gain root access on the target machine. Additionally, a race condition was discovered which could allow an attacker to overwrite critical system files. All users of Samba are advised to update to the packages listed in this erratum, which correct these vulnerabilities.