Rapid7 Vulnerability & Exploit Database

RHSA-2009:1585: samba3x security and bug fix update

Back to Search

RHSA-2009:1585: samba3x security and bug fix update

Severity
6
CVSS
(AV:N/AC:M/Au:S/C:P/I:P/A:P)
Published
09/14/2009
Created
07/25/2018
Added
11/23/2009
Modified
07/04/2017

Description

Samba is a suite of programs used by machines to share files, printers, andother information. These samba3x packages provide Samba 3.3, which is aTechnology Preview for Red Hat Enterprise Linux 5. These packages cannot beinstalled in parallel with the samba packages. Note: Technology Previewsare not intended for production use.A denial of service flaw was found in the Samba smbd daemon. Anauthenticated, remote user could send a specially-crafted response thatwould cause an smbd child process to enter an infinite loop. Anauthenticated, remote user could use this flaw to exhaust system resourcesby opening multiple CIFS sessions. (CVE-2009-2906)An uninitialized data access flaw was discovered in the smbd daemon whenusing the non-default "dos filemode" configuration option in "smb.conf". Anauthenticated, remote user with write access to a file could possibly usethis flaw to change an access control list for that file, even when suchaccess should have been denied. (CVE-2009-1888)A flaw was discovered in the way Samba handled users without a homedirectory set in the back-end password database (e.g. "/etc/passwd"). If ashare for the home directory of such a user was created (e.g. using theautomated "[homes]" share), any user able to access that share could seethe whole file system, possibly bypassing intended access restrictions.(CVE-2009-2813)The mount.cifs program printed CIFS passwords as part of its debug outputwhen running in verbose mode. When mount.cifs had the setuid bit set, alocal, unprivileged user could use this flaw to disclose passwords from afile that would otherwise be inaccessible to that user. Note: mount.cifsfrom the samba3x packages distributed by Red Hat does not have the setuidbit set. This flaw only affected systems where the setuid bit was manuallyset by an administrator. (CVE-2009-2948)This update also fixes the following bugs:These packages upgrade Samba from version 3.3.5 to version 3.3.8. Refer tothe Samba Release Notes for a list of changes between versions:http://samba.org/samba/history/Users of samba3x should upgrade to these updated packages, which resolvethese issues. After installing this update, the smb service will berestarted automatically.

Solution(s)

  • redhat-upgrade-libsmbclient
  • redhat-upgrade-libsmbclient-devel
  • redhat-upgrade-libtalloc
  • redhat-upgrade-libtalloc-devel
  • redhat-upgrade-libtdb
  • redhat-upgrade-libtdb-devel
  • redhat-upgrade-samba3x
  • redhat-upgrade-samba3x-client
  • redhat-upgrade-samba3x-common
  • redhat-upgrade-samba3x-doc
  • redhat-upgrade-samba3x-domainjoin-gui
  • redhat-upgrade-samba3x-swat
  • redhat-upgrade-samba3x-winbind
  • redhat-upgrade-samba3x-winbind-devel
  • redhat-upgrade-tdb-tools

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;