Репозиторий Sisyphus
Последнее обновление: 1 октября 2023 | Пакетов: 18631 | Посещений: 37042049
en ru br
Репозитории ALT
S:4.17.11-alt1
5.1: 3.0.37-alt5.M50P.1
4.1: 3.0.30-alt3
4.0: 3.0.33-alt1.M40.1
+updates:3.0.33-alt1.M40.1
3.0: 3.0.14a-alt2
+backports:3.0.28-alt1
www.altlinux.org/Changes

Группа :: Система/Серверы
Пакет: samba

 Главная   Изменения   Спек   Патчи   Исходники   Загрузить   Gear   Bugs and FR  Repocop 

===========================================================
== Subject: Misconfigured /etc/passwd file may share folders unexpectedly
==
== CVE ID#: CVE-2009-2813
==
== Versions: All versions of Samba later than 3.0.11
==
== Summary: If a user in /etc/passwd is misconfigured to have
== an empty home directory then connecting to the home
== share of this user will use the root of the filesystem
== as the home directory.
===========================================================

===========
Description
===========

If a user in /etc/passwd is misconfigured to have an empty home
directory (::) and the automated [homes] share is enabled, or an
explicit share is created with that username, then any client connecting
to that share name will be able to access the whole filesystem from
root (/) on downwards, subject to local file system permissions
applied to the connecting user.

==================
Patch Availability
==================

Patches addressing both these issues have been posted to:

http://www.samba.org/samba/security/

Additionally, Samba 3.0.37, 3.2.15, 3.3.8 and 3.4.2 have been issued
as security releases to correct the defect. Samba administrators are
advised to upgrade to these releases or apply the patch as soon
as possible.

==========
Workaround
==========

Do not configure users in /etc/passwd with a blank home
directory field.

=======
Credits
=======

Originally reported by J. David Hester of LCG Systems National
Institutes of Health and forwarded to the Samba Team by Apple
Computer Inc.

Patches provided by Apple and Jeremy Allison of the Samba team.

==========================================================
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
==========================================================

 
дизайн и разработка: Vladimir Lettiev aka crux © 2004-2005, Andrew Avramenko aka liks © 2007-2008
текущий майнтейнер: Michael Shigorin