

Mandriva Advisories

Package name: samba
Date: April 20th, 2001
Advisory ID: MDKSA-2001:040
Affected versions: 7.1, 7.2, 8.0, CS1.0
Synopsis: Updated samba packages fix temporary file insecurities

Problem Description

A vulnerability found by Marcus Meissner exists in Samba: it did not
create temporary files safely, which could allow local users to
overwrite files that they may not have access to. When a remote user
queried a printer queue, Samba created a temporary file to which the
queue's data was written. Because Samba created the file insecurely and
used a predictable filename, a local attacker could cause Samba to
overwrite files that the attacker did not have access to. The smbclient
"more" and "mput" commands also created temporary files insecurely.

The vulnerability is present in Samba 2.0.7 and lower. Versions 2.0.8
and 2.2.0 correct this behaviour.
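
The general pattern behind this class of bug, as an added C example (not Samba's code and not the 2.0.8 fix): a fixed temporary filename opened without O_EXCL truncates whatever is already at that path, while O_CREAT|O_EXCL or mkstemp() refuses to reuse an existing name. The function names, the "queue.tmp" filename and the /tmp paths are assumptions made for the illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak: fixed name, no O_EXCL. Whatever already sits at `path` is opened
 * and truncated with the privileges of the calling process. */
int open_tmp_weak(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened: O_CREAT|O_EXCL creates atomically and fails with EEXIST if
 * anything (file or symlink) is already present at `path`. */
int open_tmp_excl(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Hardened: mkstemp() picks an unpredictable name, opens it with O_EXCL and
 * mode 0600, and writes the chosen name back into `tmpl`. */
int open_tmp_unique(char *tmpl) { return mkstemp(tmpl); }

/* Constructed scenario: a file holding 8 bytes already exists at the fixed
 * path. Returns its size after the chosen open call, or -1 on error. */
long preexisting_size_after(int hardened) {
    char dir[] = "/tmp/tmpdemo.XXXXXX", path[64];
    struct stat st;
    if (!mkdtemp(dir)) return -1;          /* private scratch directory */
    snprintf(path, sizeof path, "%s/queue.tmp", dir);
    FILE *f = fopen(path, "w");
    if (!f) return -1;
    fputs("precious", f);
    fclose(f);
    int fd = hardened ? open_tmp_excl(path) : open_tmp_weak(path);
    if (fd >= 0) close(fd);
    long size = stat(path, &st) == 0 ? (long)st.st_size : -1;
    unlink(path);
    rmdir(dir);
    return size;
}

int main(void) {
    char tmpl[] = "/tmp/queue.XXXXXX";
    int fd = open_tmp_unique(tmpl);
    printf("weak open leaves %ld bytes\n", preexisting_size_after(0));
    printf("O_EXCL open leaves %ld bytes\n", preexisting_size_after(1));
    printf("mkstemp created %s\n", fd >= 0 ? tmpl : "(failed)");
    if (fd >= 0) { close(fd); unlink(tmpl); }
    return 0;
}
```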

Updated Packages

Mandrakelinux 7.1

893aa5b63b25263f4118094129b2c44f  7.1/RPMS/samba-2.0.8-1.2mdk.i586.rpm
04049723b420696c64207e29e020f563  7.1/RPMS/samba-client-2.0.8-1.2mdk.i586.rpm
74858e6ce9b9aa3d1cd1a93e210a5aae  7.1/RPMS/samba-common-2.0.8-1.2mdk.i586.rpm
d331a93d62eb3d36397fbada1e65ff48  7.1/SRPMS/samba-2.0.8-1.2mdk.src.rpm

Mandrakelinux 7.2

880264e1b7e1187a31d42e8fc4dfe695  7.2/RPMS/samba-2.0.8-1.1mdk.i586.rpm
fe886d72bbc2a6be11acab0b0dfb02b6  7.2/RPMS/samba-client-2.0.8-1.1mdk.i586.rpm
b24b7b6edfb8f774ea3a779ba6c2276f  7.2/RPMS/samba-common-2.0.8-1.1mdk.i586.rpm
41235ade6df790f3d0a927a2e8d7f445  7.2/SRPMS/samba-2.0.8-1.1mdk.src.rpm

Mandrakelinux 8.0

ef8d5cd992f07be3878e65c69abb2606  8.0/RPMS/samba-2.0.8-1.3mdk.i586.rpm
1ad7f4f08f48c42b64cf2b8e9937999c  8.0/RPMS/samba-client-2.0.8-1.3mdk.i586.rpm
5224020f261a0493ff41570b2d42bc79  8.0/RPMS/samba-common-2.0.8-1.3mdk.i586.rpm
7c612ae58c07cc69030ea2cf4f675437  8.0/SRPMS/samba-2.0.8-1.3mdk.src.rpm

Corporate Server 1.0.1

87b197a24e6d030fd1b2dbc99374a734  1.0.1/RPMS/samba-2.0.8-1.2mdk.i586.rpm
fda79a63b7e5521eb89804d8a689ea61  1.0.1/RPMS/samba-client-2.0.8-1.2mdk.i586.rpm
cb2b31c5794f6dcd055fb8caffe4317b  1.0.1/RPMS/samba-common-2.0.8-1.2mdk.i586.rpm
d331a93d62eb3d36397fbada1e65ff48  1.0.1/SRPMS/samba-2.0.8-1.2mdk.src.rpm


To upgrade automatically, use MandrivaUpdate.


Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command:

                rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, verification of the MD5 checksum and GPG signature is performed automatically for you.