aru Posted April 20, 2004 Report Share Posted April 20, 2004 MandrakeSoft Security Advisory MDKSA-2004:035 : samba April 19th, 2004 Updated samba packages fix privilege escalation vulnerability A vulnerability was discovered in samba where a local user could use the smbmnt utility, which is shipped suid root, to mount a file share from a remote server which would contain a setuid program under the control of the user. By executing this setuid program, the local user could elevate their privileges on the local system. The updated packages are patched to prevent this problem. The version of samba shipped with Mandrakelinux 10.0 does not have this problem. The released versions of Mandrake GNU/Linux affected are: 9.1 9.2 9.2/AMD64 Multi Network Firewall 8.2 Corporate Server 2.1 Full information about this advisory, including the updated packages, is available at: www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:035 Other references: http://cve.mitre.org/cgi-bin/cvename.cgi?n...e=CAN-2004-0186 Posted automatically by aru (mdksec2mub v0.0.8) Link to comment Share on other sites More sharing options...
Recommended Posts