PT-2003-1116 · Samba+2 · Samba-Swat+5
Sebastian Krahmer
·
Publicado
2003-03-18
·
Atualizado
2021-03-25
·
CVE-2003-0086
CVSS v2.0
10
Alta
| Vetor | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Samba versions prior to 2.2.8
Samba-swat versions 2.0.10 and 2.2.7
Samba-client versions 2.0.10 and 2.2.7
Samba-common versions 2.0.10 and 2.2.7
Description
The issue affects the Samba package in Red Hat Linux, allowing for remote exploitation that may lead to a breach of confidentiality, integrity, and availability of protected information. A race condition involving chown in the code for writing reg files in Samba before version 2.2.8 enables local users to overwrite arbitrary files.
Recommendations
For Samba versions prior to 2.2.8, update to version 2.2.8 or later.
For Samba-swat versions 2.0.10 and 2.2.7, update to a version later than 2.2.7.
For Samba-client versions 2.0.10 and 2.2.7, update to a version later than 2.2.7.
For Samba-common versions 2.0.10 and 2.2.7, update to a version later than 2.2.7.
As a temporary workaround, consider restricting access to the vulnerable Samba packages until a patch is available.
Exploit
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Alt Linux
Red Hat
Samba
Samba-Client
Samba-Common
Samba-Swat