Executive Summary



This alert is flagged under the CWE/SANS Top 25 Common Weakness Enumeration list.
Summary
Title: Samba vulnerability
Information
Name: USN-918-1
First vendor Publication: 2010-03-24
Vendor: Ubuntu
Last vendor Modification: 2010-03-24
Severity (Vendor): N/A
Revision: N/A

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:S/C:P/I:N/A:N)
Cvss Base Score: 3.5
Attack Range: Network
Cvss Impact Score: 2.9
Attack Complexity: Medium
Cvss Exploit Score: 6.8
Authentication: Requires single instance

Detail

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
Ubuntu 9.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS:
samba 3.0.22-1ubuntu3.11

Ubuntu 8.04 LTS:
samba 3.0.28a-1ubuntu4.11

Ubuntu 8.10:
samba 2:3.2.3-1ubuntu3.8

Ubuntu 9.04:
samba 2:3.3.2-1ubuntu3.4

Ubuntu 9.10:
samba 2:3.4.0-3ubuntu5.6

In general, a standard system upgrade is sufficient to effect the necessary changes.

ATTENTION: This update changes the default samba behaviour. For security reasons, it is no longer possible to use wide links and UNIX extensions at the same time. After applying this security update, wide links will be disabled automatically as UNIX extensions are turned on by default. If wide links are required, you can re-enable them by adding "unix extensions = no" to the [global] section of the /etc/samba/smb.conf configuration file.

Details follow:

It was discovered that Samba handled symlinks in an unexpected way when both "wide links" and "UNIX extensions" were enabled, which is the default. A remote attacker could create symlinks and access arbitrary files from the server.
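An added example, not part of the advisory or of Samba: a small auditor that reports which shares in an smb.conf have both "wide links" and "unix extensions" in effect, using the pre-update defaults the advisory describes (both on). The sample configuration and the function names are constructed for illustration.

```python
import re

# Pre-update defaults per the advisory: both options enabled.
DEFAULTS = {"widelinks": True, "unixextensions": True}
FALSE = {"no", "false", "0", "off"}
TRUE = {"yes", "true", "1", "on"}

# Constructed sample input, not taken from a real host.
SAMPLE_DEFAULT = """
# constructed sample
[global]
   workgroup = EXAMPLE
[public]
   path = /srv/public
   writable = yes
[locked]
   path = /srv/locked
   Wide Links = No
"""
# Same file with the setting the advisory names added to [global].
SAMPLE_HARDENED = SAMPLE_DEFAULT.replace(
    "workgroup = EXAMPLE", "workgroup = EXAMPLE\n   unix extensions = no")

def parse_smb_conf(text):
    """Return {section: {normalized_param: raw_value}} for smb.conf text."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            current = sections.setdefault(m.group(1).strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            # smb.conf ignores case and whitespace inside parameter names
            current[re.sub(r"\s+", "", key).lower()] = value.strip()
    return sections

def effective(name, share, glob):
    """Resolve a boolean: share value, then [global], then the default."""
    raw = share.get(name, glob.get(name, "")).lower()
    return True if raw in TRUE else False if raw in FALSE else DEFAULTS[name]

def risky_shares(text):
    """Shares where wide links and UNIX extensions are both in effect."""
    conf = parse_smb_conf(text)
    glob = conf.get("global", {})
    if not effective("unixextensions", {}, glob):  # global-only parameter
        return []
    return sorted(name for name, share in conf.items()
                  if name != "global" and effective("widelinks", share, glob))
```

On a host that has taken this update, smbd itself disables wide links while UNIX extensions are on, so the check is mainly useful for configurations on servers still running the affected package versions.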

Original Source

Url : http://www.ubuntu.com/usn/USN-918-1

CWE : Common Weakness Enumeration

id: CWE-22
Name: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:20961
 
Oval ID: oval:org.mitre.oval:def:20961
Title: RHSA-2012:0313: samba security, bug fix, and enhancement update (Low)
Description: The default configuration of smbd in Samba before 3.3.11, 3.4.x before 3.4.6, and 3.5.x before 3.5.0rc3, when a writable share exists, allows remote authenticated users to leverage a directory traversal vulnerability, and access arbitrary files, by using the symlink command in smbclient to create a symlink containing .. (dot dot) sequences, related to the combination of the unix extensions and wide links options.
Family: unix Class: patch
Reference(s): RHSA-2012:0313-03
CVE-2010-0926
Version: 4
Platform(s): Red Hat Enterprise Linux 5
Product(s): samba
Definition Id: oval:org.mitre.oval:def:13096
 
Oval ID: oval:org.mitre.oval:def:13096
Title: USN-918-1 -- samba vulnerability
Description: It was discovered that Samba handled symlinks in an unexpected way when both "wide links" and "UNIX extensions" were enabled, which is the default. A remote attacker could create symlinks and access arbitrary files from the server.
Family: unix Class: patch
Reference(s): USN-918-1
CVE-2010-0926
Version: 5
Platform(s): Ubuntu 8.04, Ubuntu 8.10, Ubuntu 9.10, Ubuntu 6.06, Ubuntu 9.04
Product(s): samba
Definition Id: oval:org.mitre.oval:def:23240
 
Oval ID: oval:org.mitre.oval:def:23240
Title: ELSA-2012:0313: samba security, bug fix, and enhancement update (Low)
Description: The default configuration of smbd in Samba before 3.3.11, 3.4.x before 3.4.6, and 3.5.x before 3.5.0rc3, when a writable share exists, allows remote authenticated users to leverage a directory traversal vulnerability, and access arbitrary files, by using the symlink command in smbclient to create a symlink containing .. (dot dot) sequences, related to the combination of the unix extensions and wide links options.
Family: unix Class: patch
Reference(s): ELSA-2012:0313-03
CVE-2010-0926
Version: 6
Platform(s): Oracle Linux 5
Product(s): samba
Definition Id: oval:org.mitre.oval:def:27882
 
Oval ID: oval:org.mitre.oval:def:27882
Title: ELSA-2012-0313 -- samba security, bug fix, and enhancement update (low)
Description:
[3.0.33-3.37.el5]
- Regenerate manpage for 'wide links' and 'unix extensions' sections
- related: #722553
[3.0.33-3.36.el5]
- Security Release, fixes CVE-2010-0926
- resolves: #722553
[3.0.33-3.35.el5]
- Fix smbclient return code
- resolves: #768908
[3.0.33-3.34.el5]
- Fix support for Windows 2008 R2 domains
- resolves: #736124
[3.0.33-3.33.el5]
- Security Release, fixes CVE-2010-0547, CVE-2010-0787, CVE-2011-2694, CVE-2011-2522, CVE-2011-1678, CVE-2011-2724
- resolves: #722553
[3.0.33-3.32.el5]
- Security Release, fixes CVE-2011-0719
- resolves: #678331
[3.0.33-3.30.el5]
- Security Release, fixes CVE-2010-3069
- resolves: #632230
Family: unix Class: patch
Reference(s): ELSA-2012-0313
CVE-2010-0926
Version: 3
Platform(s): Oracle Linux 5
Product(s): samba

CPE : Common Platform Enumeration

Type: Application
Count: 18

OpenVAS Exploits

Date Description
2012-02-21 Name : RedHat Update for samba RHSA-2012:0313-03
File : nvt/gb_RHSA-2012_0313-03_samba.nasl
2010-03-31 Name : Ubuntu Update for samba vulnerability USN-918-1
File : nvt/gb_ubuntu_USN_918_1.nasl

Open Source Vulnerability Database (OSVDB)

id: 62145
Description: Samba Guest Account Symlink Traversal Arbitrary File Access

Nessus® Vulnerability Scanner

Date Description
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-0313.nasl - Type : ACT_GATHER_INFO
2012-02-21 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0313.nasl - Type : ACT_GATHER_INFO
2010-10-11 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_cifs-mount-6921.nasl - Type : ACT_GATHER_INFO
2010-04-09 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_cifs-mount-6920.nasl - Type : ACT_GATHER_INFO
2010-04-09 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12595.nasl - Type : ACT_GATHER_INFO
2010-03-25 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_cifs-mount-100312.nasl - Type : ACT_GATHER_INFO
2010-03-25 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_cifs-mount-100312.nasl - Type : ACT_GATHER_INFO
2010-03-25 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-918-1.nasl - Type : ACT_GATHER_INFO
2010-03-25 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_cifs-mount-100315.nasl - Type : ACT_GATHER_INFO
2010-03-23 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_cifs-mount-100312.nasl - Type : ACT_GATHER_INFO
2010-02-08 Name : The remote file server is prone to a symlink attack.
File : samba_symlink_dir_traversal.nasl - Type : ACT_DESTRUCTIVE_ATTACK

Alert History

Date Information
2014-02-17 12:06:40
  • Multiple Updates
2013-05-11 00:56:20
  • Multiple Updates