BugTraq
Samba 3.x + kernel 2.6.x local root vulnerability Feb 09 2004 09:23PM
Michal Medvecky (M Medvecky sh cvut cz) (3 replies)
Re: Samba 3.x + kernel 2.6.x local root vulnerability Feb 10 2004 12:07AM
Felipe Franciosi (ozzybugt terra com br)
Re: Samba 3.x + kernel 2.6.x local root vulnerability Feb 09 2004 10:24PM
Michael Kjorling (michael kjorling com)
Re: Samba 3.x + kernel 2.6.x local root vulnerability Feb 09 2004 10:03PM
Seth Arnold (sarnold wirex com) (2 replies)
Re: Samba 3.x + kernel 2.6.x local root vulnerability Feb 10 2004 07:42AM
Frank Louwers (frank openminds be) (2 replies)
On Mon, Feb 09, 2004 at 02:03:47PM -0800, Seth Arnold wrote:
> On Mon, Feb 09, 2004 at 10:23:03PM +0100, Michal Medvecky wrote:
>
> I haven't got a clue what you're trying to accomplish. If you don't want
> a setuid execute, DON'T RUN chmod +s! You don't even need samba to
> accomplish this:
>
>
> I expect this behaviour out of every Linux, BSD, commercial Unix,
> Windows NT with POSIX emulation, QNX, etc.
>
> Can you please explain what specifically bothers you?

I think his point is this:

Imagine you have a user account luser on box foo. You do not have root on
foo. However, you do have root on box bar. If you are allowed to
smbmount stuff on foo as user luser, (which is a BadThing(tm), but
default behaviour on some systems as it seems), and you smbmount a share
on bar, and use that suid shell, you actually have root control on foo!

Kind Regards,
Frank Louwers

--
Openminds bvba www.openminds.be
Tweebruggenstraat 16 - 9000 Gent - Belgium

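The scenario in the message above depends on a user-mounted network share being mounted without the `nosuid` option. As an added example that is not part of the original thread, this Python code parses a mount table in `/proc/mounts` format and reports network filesystem mounts on which setuid bits are still honoured. The filesystem-type list and the sample lines are assumptions constructed for illustration.

```python
import re

# Filesystem types whose contents are controlled by a remote server
# (assumed list for this example; extend it for your environment).
NETWORK_FS = {"smbfs", "cifs", "nfs", "nfs4"}

# Constructed sample in /proc/mounts format (not taken from a real host).
SAMPLE_MOUNTS = """\
/dev/sda1 / ext3 rw 0 0
//bar/share /home/luser/mnt smbfs rw 0 0
//bar/docs /mnt/my\\040docs cifs rw,nosuid,nodev 0 0
fileserver:/export /srv/nfs nfs rw,nodev 0 0
"""


def _unescape(field):
    # /proc/mounts encodes space, tab, newline and backslash as \ooo octal.
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)


def setuid_capable_network_mounts(mount_table):
    """Return (source, mountpoint, fstype) for network mounts lacking nosuid."""
    findings = []
    for line in mount_table.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # skip blank or malformed lines
        source, mountpoint, fstype, options = fields[:4]
        if fstype not in NETWORK_FS:
            continue
        if "nosuid" not in options.split(","):
            findings.append((_unescape(source), _unescape(mountpoint), fstype))
    return findings


if __name__ == "__main__":
    # On a live Linux host, pass open("/proc/mounts").read() instead.
    for source, mountpoint, fstype in setuid_capable_network_mounts(SAMPLE_MOUNTS):
        print(f"{mountpoint} ({fstype} from {source}): setuid bits are honoured")
```

Any mount this reports should be remounted with `nosuid` (and normally `nodev`), or the ability for unprivileged users to mount remote shares should be removed.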
Re: Samba 3.x + kernel 2.6.x local root vulnerability Feb 12 2004 12:50AM
Darren Reed (avalon caligula anu edu au)
Re: Samba 3.x + kernel 2.6.x local root vulnerability Feb 11 2004 09:42PM
Urban Widmark (urban teststation com)
Re: Samba 3.x + kernel 2.6.x local root vulnerability Feb 09 2004 11:07PM
Patrick J. Volkerding (security slackware com)


 

Copyright 2010, SecurityFocus