USN-893-1: Samba vulnerability


Source: http://www.ubuntu.com

Referenced CVEs: CVE-2009-3297

Description:

===========================================================
Ubuntu Security Notice USN-893-1 January 28, 2010
samba vulnerability
CVE-2009-3297
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
Ubuntu 9.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS:
  smbfs 3.0.22-1ubuntu3.10

Ubuntu 8.04 LTS:
  smbfs 3.0.28a-1ubuntu4.10

Ubuntu 8.10:
  smbfs 2:3.2.3-1ubuntu3.7

Ubuntu 9.04:
  smbfs 2:3.3.2-1ubuntu3.3

Ubuntu 9.10:
  smbfs 2:3.4.0-3ubuntu5.4

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Ronald Volgers discovered that the mount.cifs utility, when installed as a setuid program, suffered from a race condition when verifying user permissions. A local attacker could trick samba into mounting over arbitrary locations, leading to a root privilege escalation.
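
One way to check a host against this notice, as an added example that is not part of the advisory: it tests the setuid precondition on mount.cifs and compares the installed smbfs version with the fixed version for the release. The function names, the status strings and the path passed on the command line are assumptions; the version numbers are the ones listed in the notice.

```shell
#!/bin/sh
# Added example: exposure check for USN-893-1 (CVE-2009-3297).
# Fixed smbfs versions are copied from the advisory; function names,
# status strings and the mount.cifs path argument are assumptions.

# Print the fixed smbfs version for an Ubuntu release number.
fixed_version_for() {
    case "$1" in
        6.06) echo '3.0.22-1ubuntu3.10' ;;
        8.04) echo '3.0.28a-1ubuntu4.10' ;;
        8.10) echo '2:3.2.3-1ubuntu3.7' ;;
        9.04) echo '2:3.3.2-1ubuntu3.3' ;;
        9.10) echo '2:3.4.0-3ubuntu5.4' ;;
        *)    return 1 ;;
    esac
}

# True when the file exists and carries the setuid bit, the condition
# under which the advisory says the race is exploitable.
is_setuid() {
    [ -f "$1" ] && [ -u "$1" ]
}

# Print one of: not-listed | not-setuid | not-installed | patched | unpatched
# $1 = release, $2 = path to mount.cifs,
# $3 = installed smbfs version (optional; read from dpkg when omitted)
usn893_status() {
    fixed=$(fixed_version_for "$1") || { echo not-listed; return 0; }
    is_setuid "$2" || { echo not-setuid; return 0; }
    installed=${3:-$(dpkg-query -W -f='${Version}' smbfs 2>/dev/null || true)}
    [ -n "$installed" ] || { echo not-installed; return 0; }
    # dpkg handles the epoch prefix ("2:") and the "ubuntu" suffix correctly.
    if dpkg --compare-versions "$installed" ge "$fixed"; then
        echo patched
    else
        echo unpatched
    fi
}

# Runs only when arguments are given, e.g.: sh usn893.sh 9.10 /sbin/mount.cifs
[ "$#" -eq 0 ] || usn893_status "$@"
```

A result of not-setuid means the precondition named in the notice is absent on that host; the package upgrade still applies.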