• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Samba SMBPrint Sample Script Insecure Temporary File Handling Symbolic Link Vulnerability

Solution:
Gentoo have released an advisory (GLSA 200404-21) and have made an updated eBuild available to address this issue. Gentoo have recommended that users run the following commands to merge the fixed eBuild:
# emerge sync
# emerge -pv ">=net-fs/samba-3.0.2a-r2"
# emerge ">=net-fs/samba-3.0.2a-r2"

Those using Samba's password database also need to run the following command:
# pdbedit --force-initialized-passwords

Netwosix has realeased an advisory (LNSA-#2004-0013) and fixes for this issue. To obtain fixed packages, users should execute the following commands:
# cd $somewhere
# wget http://download.netwosix.org/0013/nepote
# sh nepote