Rapid7 VulnDB

RHSA-2012:0313: samba security, bug fix, and enhancement update

Severity: 4
CVSS: (AV:N/AC:M/Au:S/C:P/I:N/A:N)
Published: 03/10/2010
Created: 07/25/2018
Added: 02/21/2012
Modified: 07/04/2017

Description

Samba is an open-source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information.

The default Samba server configuration enabled both the "wide links" and "unix extensions" options, allowing Samba clients with write access to a share to create symbolic links that point to any location on the file system. Clients connecting with CIFS UNIX extensions disabled could have such links resolved on the server, allowing them to access and possibly overwrite files outside of the share. With this update, "wide links" is set to "no" by default. In addition, the update ensures "wide links" is disabled for shares that have "unix extensions" enabled. (CVE-2010-0926)

Warning: This update may cause files and directories that are only linked to Samba shares using symbolic links to become inaccessible to Samba clients. In deployments where support for CIFS UNIX extensions is not needed (such as when files are exported to Microsoft Windows clients), administrators may prefer to set the "unix extensions" option to "no" to allow the use of symbolic links to access files out of the shared directories. All existing symbolic links in a share should be reviewed before re-enabling "wide links".

These updated samba packages also fix the following bug:

In addition, these updated samba packages provide the following enhancement:

Users are advised to upgrade to these updated samba packages, which correct these issues and add this enhancement. After installing this update, the smb service will be restarted automatically.
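The condition the advisory describes is a configuration state, so it can be audited before and after the update. The following shell script is an added example, not code from the advisory, Red Hat or the Samba project: it parses an smb.conf and prints every share for which "unix extensions" (a [global]-only option) and "wide links" (a share-level option whose [global] value is the default for all shares) are both effectively on. The pre-update defaults of yes/yes are taken from the advisory text; the three sample configurations are constructed here and not taken from any real host.

```shell
#!/bin/sh
# Added example; not the advisory's, Red Hat's or Samba's own code.
# audit_wide_links prints each share that carries the CVE-2010-0926
# combination: "unix extensions" on in [global] and "wide links" on for the
# share (explicitly, or inherited from [global], or from the pre-update
# default of yes). Prints nothing when the configuration is safe.
audit_wide_links() {
  awk '
    function norm(v) {
      v = tolower(v); gsub(/^[ \t]+|[ \t]+$/, "", v)
      if (v == "yes" || v == "true" || v == "1") return "yes"
      if (v == "no"  || v == "false" || v == "0") return "no"
      return ""                       # unrecognised value: keep prior setting
    }
    # Pre-update defaults as stated in the advisory: both options enabled.
    BEGIN { section = "global"; unix_ext = "yes"; global_wide = "yes"; n = 0 }
    /^[ \t]*[;#]/ || /^[ \t]*$/ { next }            # comments and blank lines
    /^[ \t]*\[/ {                                   # [section] header
      s = substr($0, index($0, "[") + 1)
      s = substr(s, 1, index(s, "]") - 1)
      section = tolower(s)
      if (section != "global") shares[++n] = section
      next
    }
    /=/ {                                           # key = value
      key = $0; sub(/=.*/, "", key)
      key = tolower(key); gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/[ \t]+/, " ", key)
      val = $0; sub(/^[^=]*=/, "", val)
      if (key == "wide links") {
        v = norm(val)
        if (v != "") { if (section == "global") global_wide = v; else wide[section] = v }
      } else if (key == "unix extensions" && section == "global") {
        v = norm(val); if (v != "") unix_ext = v
      }
    }
    END {
      if (unix_ext != "yes") exit 0               # no UNIX extensions: not affected
      for (i = 1; i <= n; i++) {
        s = shares[i]
        w = (s in wide) ? wide[s] : global_wide
        if (w == "yes") print s
      }
    }
  ' "$1"
}

# Constructed sample configurations (not from any real host):
#   vulnerable   - pre-update defaults; [docs] opts out explicitly
#   fixed        - what the update makes the default: wide links = no
#   windows-only - the advisory's alternative when only Windows clients connect
write_sample_conf() {  # $1 = variant, $2 = output path
  case "$1" in
  vulnerable) cat > "$2" <<'EOF'
[global]
   workgroup = EXAMPLE
   unix extensions = yes
   # "wide links" left unset: the pre-update default is yes

[public]
   path = /srv/samba/public
   writable = yes

[docs]
   path = /srv/samba/docs
   wide links = no
EOF
  ;;
  fixed) cat > "$2" <<'EOF'
[global]
   workgroup = EXAMPLE
   unix extensions = yes
   wide links = no

[public]
   path = /srv/samba/public
   writable = yes
EOF
  ;;
  windows-only) cat > "$2" <<'EOF'
[global]
   workgroup = EXAMPLE
   unix extensions = no
   wide links = yes

[public]
   path = /srv/samba/public
   writable = yes
EOF
  ;;
  *) echo "unknown variant: $1" >&2; return 1 ;;
  esac
}

# Stand-alone run: audit each variant. Only "vulnerable" should list public.
tmp=$(mktemp)
for variant in vulnerable fixed windows-only; do
  write_sample_conf "$variant" "$tmp"
  echo "$variant: $(audit_wide_links "$tmp" | tr '\n' ' ')"
done
rm -f "$tmp"
```

On a real host, run `audit_wide_links /etc/samba/smb.conf`, then confirm the effective values for the installed version with `testparm -s -v /etc/samba/smb.conf | grep -Ei 'wide links|unix extensions'`, since the post-update packages change the default and force "wide links" off wherever "unix extensions" is on. The check deliberately flags shares regardless of their writable setting: the advisory also asks that all existing symbolic links in a share be reviewed before "wide links" is re-enabled, so a read-only share with pre-existing links still merits a look.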

Solution(s)

  • redhat-upgrade-libsmbclient
  • redhat-upgrade-libsmbclient-devel
  • redhat-upgrade-samba
  • redhat-upgrade-samba-client
  • redhat-upgrade-samba-common
  • redhat-upgrade-samba-debuginfo
  • redhat-upgrade-samba-swat
