Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Samba

  • 19-04-2001 6:07am
    #1
    Bdellium
    Closed Accounts Posts: 13


    Has anyone noticed any problems in Samba
    up until version 2.0.8 concerning symlinks
    and temporary files.
    I did notice the problem a few months ago
    but couldn't find any way to exploit it.
    Maybe I've overlooked the problem Marcus Meissner
    from Caldera development team has found, it isn't neccessarily access violation, more corruption of devices.
    A few months ago while logged into my own
    smbd I had noticed that the server created
    temporary files in /tmp for the command
    "more" which used a predictable filename
    everytime a new file was requested.I created a symlink file in /tmp with the predictable temporary file name that smbd created.The link was to /etc/shadow.I figured first that if smbd was running as root, it might be possible to grab that file if i created another symlink to the temporary file in my home directory.Although i recieved (Access Denied) when attempting to open the link, Mark has pointed out that it is exploitable, but not given any details.Has anyone else looked into this problem?


Comments

  • #2
    ecksor
    Moderators, Social & Fun Moderators Posts: 10,501 Mod ✭✭✭✭ecksor


    I see there is a message on bugtraq concerning this today from Debian. I've not heard of a working exploit, but samba isn't something I'd be in the habit of watching out for. Are you interested in developing one?


  • #3
    Bdellium
    Closed Accounts Posts: 13 Bdellium


    I would consider developing one if I knew
    exactly what the problem was.I went back
    to my smbd again to double check with other
    commands like "queue" and "mput"
    Although they also create predictable filenames
    in /tmp. Everything I tried didn't work, I tried
    replacing and grabbing files I had no permission
    to but just recieved (Access Denied).Maybe its the version I'm running.
    It's 2.0.5a so maybe only certain versions after that are affected.
    If anyone looks into it and finds anything out, let us know.


Advertisement